On Aug 17, 2011, at 4:39 PM, Brendan Eich wrote: > On Aug 17, 2011, at 4:25 PM, John J Barton wrote: > >> On Wed, Aug 17, 2011 at 4:15 PM, Brendan Eich <bren...@mozilla.com> wrote: >>> >>> Mozilla has evalInSandbox built-ins. >> >> Unfortunately I have quite a lot of experience with evalInSandbox. > > If you mean Firebug vs. evalInSandbox, if I recall correctly, the problem is > that a debugger doesn't want as much isolation as the security use-cases that > motivated evalInSandbox want. Is that right?
>From corresponding with John, this seems like a combo of out of date MDC docs >on evalInSandbox (it uses proxy-based membranes aggressively for security, but >the docs predate that), and the common line number problem with all eval >variants, where multiple lines in the eval'ed source do not have usable line >numbers: https://bugzilla.mozilla.org/show_bug.cgi?id=307984 We have discussed various fixes to propagate accurate, invertible source coordinates through nested evals in bugzilla bugs in the past. Firebug has tried crypto-hashing source strings, IIRC. Does anyone have a solid solution? /be _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss
