On 10/28/07, Robert Sayre <[EMAIL PROTECTED]> wrote: > It's not all disagreement, though. One aspect of Google Caja seems > preferable to me: the JSON object. In fact, I would like the committee > to drop the JSON methods on the object prototype in favor of letting > host environments provide that API.
I agree. Let's also not add .toJSONString() and .fromJSONString() to the language. .toJSONString() creates quoting confusions that can lead to XSS-like vulnerabilities <http://google-caja.googlecode.com/svn/trunk/src/js/com/google/caja/JSON.js>. .fromJSONString() is inappropriate as a method of String. A String can represent source text of any of a large variety of languages. Each language should know how to parse Strings. Strings should not know how to be parsed in any particular language. We should follow the object design principle that Rebecca Wirfs-Brock calls "responsibility based design". However, Rebecca is related to the evil Allan of Microsoft, so perhaps responsibility based design is part of some evil corporate plot? Or maybe we should evaluate the logic of what people are saying independent of their corporate affiliation? -- Text by me above is hereby placed in the public domain Cheers, --MarkM _______________________________________________ Es4-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es4-discuss
