On Mon, Jun 11, 2012 at 5:55 PM, Mark S. Miller <erig...@google.com> wrote: > On Tue, Jun 12, 2012 at 7:59 AM, Charles Kendrick > <char...@isomorphic.com> wrote: >> I'm reading this as saying that stack traces in general should not be >> available unless the code is privileged in some way. This can't be >> what you mean, so could you clarify? > > That is exactly what I mean.
The only way I can see this working is if there is a way for a given piece of code to trap an error and ask some kind of (elevated privilege) logging system to provide diagnostic information that a (privileged) end user can see. It also seems like, in addition to this, you should be able to get to stack information programmatically so long as you stay within your module or modules that have the same privilege. This doesn't sound like something that could be reasonably standardized into ECMAScript in the near future, and, without all those pieces in place, it doesn't seem like ECMAScript should just disallow the ability to get stack traces. Brendan brought up SES - I know little about it, but for its sake I hope this critical use case is taken into account. On Mon, Jun 11, 2012 at 6:17 PM, Brendan Eich <bren...@mozilla.org> wrote: > I thought so too, but Charles is arguing both (a) no worse than today (not > better than today); (b) useful for people who prefer > non-strict code and a more useful stack-tracing API in the core language. Just to clarify, I prefer *some* of the ideas behind "use strict" and in fact we built a subset of "use strict" into our in-house tools long before JSLint existed. But if it's going to impose a security boundary between my own methods and reduce the utility of stack traces which are sometimes the only thing you have to go on.. no thank you. That seems to me to conflate useful error checking and security; there is overlap, but not 100% overlap by any means. _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss
