Loading ...
Sorry, an error occurred while loading the content.
 

ADsafe[]

Expand Messages
  • Douglas Crockford
    ADsafe took a big usability hit when the Firefox[-6] bug was discovered. ADsafe took the necessary but highly undesirable step of outlawing the use of the []
    Message 1 of 2 , Apr 18, 2011
      ADsafe took a big usability hit when the Firefox[-6] bug was discovered. ADsafe took the necessary but highly undesirable step of outlawing the use of the [] subscript operator except when the subscript expression was a non-negative number or an approved string.

      Thanks to a suggestion by Jasvir Nagra, ADsafe allows [] for all number literals as well as strings starting with '-'. It also accepts subscripts that are expressions that can be easily determined to be strings.

      adsafe.js's initialization now contains the following (which, coincidentally, demonstrates the Principle of Correspondence):

      if (Function.__defineGetter__) {
      (function (p, f) {
      p.__defineGetter__('-1', f);
      p.__defineGetter__('-3', f);
      p.__defineGetter__('-6', f);
      }(Function.prototype, function () {
      return null;
      }));
      }

      For browsers that have a __defineGetter__ method, that method will be used to install getters for [-1], [-3], and [-6] that will return null. This is thought to plug the Firefox leak.

      JSLint will now allow subscript expressions where the outermost operator is one of these prefix operators

      - + ~ typeof

      or one of these infix operators

      - * / % & | << >> >>>
    • Kent Davidson
      Douglas, Can you point to the documentation/report on the Firefox[-6] bug? Just out of curiosity. -Kent. ... [Non-text portions of this message have been
      Message 2 of 2 , Apr 19, 2011
        Douglas,

        Can you point to the documentation/report on the Firefox[-6] bug? Just out of curiosity.

        -Kent.

        On Apr 18, 2011, at 9:40 PM, Douglas Crockford wrote:

        > ADsafe took a big usability hit when the Firefox[-6] bug was discovered. ADsafe took the necessary but highly undesirable step of outlawing the use of the [] subscript operator except when the subscript expression was a non-negative number or an approved string.
        >
        > Thanks to a suggestion by Jasvir Nagra, ADsafe allows [] for all number literals as well as strings starting with '-'. It also accepts subscripts that are expressions that can be easily determined to be strings.
        >
        > adsafe.js's initialization now contains the following (which, coincidentally, demonstrates the Principle of Correspondence):
        >
        > if (Function.__defineGetter__) {
        > (function (p, f) {
        > p.__defineGetter__('-1', f);
        > p.__defineGetter__('-3', f);
        > p.__defineGetter__('-6', f);
        > }(Function.prototype, function () {
        > return null;
        > }));
        > }
        >
        > For browsers that have a __defineGetter__ method, that method will be used to install getters for [-1], [-3], and [-6] that will return null. This is thought to plug the Firefox leak.
        >
        > JSLint will now allow subscript expressions where the outermost operator is one of these prefix operators
        >
        > - + ~ typeof
        >
        > or one of these infix operators
        >
        > - * / % & | << >> >>>
        >
        >



        [Non-text portions of this message have been removed]
      Your message has been successfully submitted and would be delivered to recipients shortly.