Doug,
Yes, I think the time has come to table the ES3+ materials.
It has been discussed on and off since April. Do you have something
that describes this proposal in a material way?
How can people evaluate ES4 vs ES3+ if ES3+ is unknown and unspecified?
Michael
Yehuda Katz wrote:
Doug,
What specifically would you do in ES3+ to improve this situation?
-- Yehuda
On 10/30/07, Douglas Crockford <[EMAIL PROTECTED]>
wrote:
>
Brenden is also correct: If the working group voted and
> the current
> proposal won - it is better to have a stronger, more secure
> language.
> Sure they can argue it is bloated, but SO WHAT?
The proposal is not a more secure language. It does nothing to address
ECMAScript's biggest design flaw: the insecurity caused its dependence
on a global object. XSS attacks are a direct consequence of this flaw.
By making the language more complex, this problem becomes even harder
to reason about and fix.
I have been bringing this up since my first day in the working group.
This is not a concern that is being sprung at the last minute.
The working group hasn't voted. The proposal has not won. We have
agreed to disagree, developing two competing proposals in the same
working group. I am pursuing with Microsoft a counter proposal for a
simpler, reliable remedy to real problems. My position isn't that
_javascript_ doesn't need fixing. I think we need to be more selective in
how we fix it. Bloat, in my view, is not good design.
_______________________________________________
Es4-discuss mailing list
Es4-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es4-discuss
--
Yehuda Katz
Web Developer | Procore Technologies
(ph) 718.877.1325
_______________________________________________
Es4-discuss mailing list
Es4-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es4-discuss
|
_______________________________________________
Es4-discuss mailing list
Es4-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es4-discuss
