Loading ...
Sorry, an error occurred while loading the content.

Re: [caplet] Re: ADsafe

Expand Messages
  • David Hopwood
    ... This is a case where conciseness matters for the acceptability of the restriction, so I suggest something like: SET(foo, bar, GET(foo, bar) + 1); instead.
    Message 1 of 36 , Sep 30, 2007
    • 0 Attachment
      collin_jackson wrote:
      > Square brackets are clearly problematic, as they allow access to eval.
      > I suggest you deny them entirely and (optionally) allow authors use
      > the ADSAFE API to proxy their array indexing.
      >
      > Instead of
      > foo[bar] = foo[bar] + 1;
      > Use
      > ADSAFE.setIndex(foo, bar, ADSAFE.getIndex(foo, bar) + 1);
      >
      > The ADSAFE getIndex and setIndex API could ensure that "bar" is a
      > number or safe string.

      This is a case where conciseness matters for the acceptability of
      the restriction, so I suggest something like:

      SET(foo, bar, GET(foo, bar) + 1);

      instead.

      --
      David Hopwood <david.hopwood@...>
    • Douglas Crockford
      I updated the ADsafe DOM interface. Previously, a method like .getValue() could return undefined a single value an array of values depending on the number of
      Message 36 of 36 , Nov 11, 2010
      • 0 Attachment
        I updated the ADsafe DOM interface. Previously, a method like .getValue() could return

        undefined
        a single value
        an array of values

        depending on the number of results. Now, a method like .getValue() will return the first value that is available, or undefined if there are none. A new method, .getValues() will always return an array, possibly an empty array.
      Your message has been successfully submitted and would be delivered to recipients shortly.