Re: [caplet] Re: ADsafe
- David Hopwood wrote:
> collin_jackson wrote:Better:
>> Square brackets are clearly problematic, as they allow access to eval.
>> I suggest you deny them entirely and (optionally) allow authors use
>> the ADSAFE API to proxy their array indexing.
>> Instead of
>> foo[bar] = foo[bar] + 1;
>> ADSAFE.setIndex(foo, bar, ADSAFE.getIndex(foo, bar) + 1);
>> The ADSAFE getIndex and setIndex API could ensure that "bar" is a
>> number or safe string.
> This is a case where conciseness matters for the acceptability of
> the restriction, so I suggest something like:
> SET(foo, bar, GET(foo, bar) + 1);
foo.set(bar, foo.get(bar) + 1);
and undo the conflation of objects with arrays and dictionaries, by
defining 'get' and 'set' only for the latter.
David Hopwood <david.hopwood@...>
- I updated the ADsafe DOM interface. Previously, a method like .getValue() could return
a single value
an array of values
depending on the number of results. Now, a method like .getValue() will return the first value that is available, or undefined if there are none. A new method, .getValues() will always return an array, possibly an empty array.