Oliver Hunt wrote: > On Dec 8, 2009, at 7:30 PM, Breton Slivka wrote: > >> Right now there are projects to do this (caja, adsafe), but to do a >> runtime check requires that the user download a full JS parser, and >> validator. If part of the parsing task was built into the browser, >> there would be less code to download, and the verification would run >> much faster. This has real implications for users and developers, and >> would enable new and novel uses for JS in a browser, and distributed >> code modules. > > Providing an AST doesn't get you anything substantial here as the > hard part of all this is validation, not parsing.
That's not entirely accurate. In implementing Jacaranda, I estimate the split of effort between validation/parsing has been about 60/40. ECMAScript is really quite difficult to lex+parse if you absolutely need to do so correctly. -- David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss