Re: A case for removing the seal/freeze/isSealed/isFrozen traps

2013-02-18 Thread Mark S. Miller
On Mon, Feb 18, 2013 at 2:27 PM, Nathan Wall wrote: > Claus Reinke wrote: > > Careful there, you're not done!-) With nodejs, adding the following > > > > var table = makeTable(); > > table.add(1); > > table.add(2); > > table.add(3); > > > > var secret; > > Object.defineProperty(Array.prototype,42

Re: Transitioning to strict mode

2013-02-18 Thread Claus Reinke
Out of curiosity, what does your favorite test coverage tool report for the source below? And what does it report when you comment out the directive? :-p Ok, there are exceptions if your code depends on semantic changes described in the third section of the article (dynamic this/eval/arguments).

RE: A case for removing the seal/freeze/isSealed/isFrozen traps

2013-02-18 Thread Nathan Wall
Claus Reinke wrote: > Careful there, you're not done!-) With nodejs, adding the following > > var table = makeTable(); > table.add(1); > table.add(2); > table.add(3); > > var secret; > Object.defineProperty(Array.prototype,42,{get:function(){ secret = this;}}); > > table.get(42); > console.log(secr

Re: A case for removing the seal/freeze/isSealed/isFrozen traps

2013-02-18 Thread Claus Reinke
as a "high-integrity" function: var freeze = Object.freeze, push = Function.prototype.call.bind(Array.prototype.push); function makeTable() { var array = []; return freeze({ add: function(v) { push(array, v); }, store: function(i, v) { array[i >>> 0] =

Re: Transitioning to strict mode

2013-02-18 Thread Ariya Hidayat
The guide looks really good. Well done! One thing I learned when trying to convince others to use strict mode is a tool to help catch the syntax errors. Scanning a large app code by hand is tedious and error-prone. This is one of the reasons I built an online validator: http://esprima.org/demo/

RE: A case for removing the seal/freeze/isSealed/isFrozen traps

2013-02-18 Thread Nathan Wall
David Bruant wrote: > ... > "Security" is very loaded with emotions of people afraid to have their > password stolen and "cyber attacks". It's also loaded with the notion of > human safety and human integrity which, as human beings are sensitive to. > Maybe I should start using a different word...

Re: Private symbols vs property attributes

2013-02-18 Thread Brendan Eich
Kevin Smith wrote: If you added just one symbol to the internal interface of an object, the whitelists at all trusted proxy-creating sites would also have to be updated. Not arguing with your larger point, but this is why the whitelist is a live object, that is, the proxy code consults it by

Re: Case insensitive String startsWith, contains, endsWith, replaceAll method

2013-02-18 Thread Claude Pache
On 18 Feb 2013, at 00:56, Biju wrote: > On 16 February 2013 20:26, David Bruant wrote: >> On 17/02/2013 00:58, Biju wrote: > >> Also, it doesn't seem that hard to implement: >>String.prototype.startsWithI = function(s){ >>this.match(new RegExp('^'+s, 'i')); >>} > > you a

Re: Transitioning to strict mode

2013-02-18 Thread David Bruant
On 18/02/2013 16:48, Claus Reinke wrote: Talking about 100% coverage and "catching all errors" is never a good combination - even if you should have found an example of where this works, it will be an exception. There are a couple of things I'm sure of. For instance, direct eval aside (eval n

Re: Private symbols vs property attributes

2013-02-18 Thread Kevin Smith
I think this proposal gets it right from privacy side of things, but the interaction with proxies is not good. Proxies would have to treat any symbol as potentially naming a private property, and therefore all symbols used by the object would have to be added to the proxy's whitelist when wrapping

Re: Transitioning to strict mode

2013-02-18 Thread Claus Reinke
Talking about 100% coverage and "catching all errors" is never a good combination - even if you should have found an example of where this works, it will be an exception. There are a couple of things I'm sure of. For instance, direct eval aside (eval needs some specific work anyway because its

Re: Transitioning to strict mode

2013-02-18 Thread Claude Pache
On 18 Feb 2013, at 12:29, David Bruant wrote: > > # On older browser not running strict mode I was precisely going to write that it is missing an important explicit advice to produce code that runs both under strict and non-strict mode. > That point is a very valid concern (and I should p

Re: Case insensitive String startsWith, contains, endsWith, replaceAll method

2013-02-18 Thread Biju
On 18 February 2013 01:24, Norbert Lindenberg wrote: > Actually, it's not just case that users want to ignore. In many use cases, > users search for something "similar" to their search string, and the > definition of "similar" can vary substantially. For example, an English > speaker typically

Re: Transitioning to strict mode

2013-02-18 Thread David Bruant
On 18/02/2013 11:10, Claus Reinke wrote: I'm looking forward to any recommendation you'd have to improve this guide, specifically about the runtime errors where I said something about "100% coverage test suite" and I'm not entirely sure about that. Talking about 100% coverage and "catching

Re: A case for removing the seal/freeze/isSealed/isFrozen traps

2013-02-18 Thread Andreas Rossberg
On 16 February 2013 20:36, Allen Wirfs-Brock wrote: > > On Feb 14, 2013, at 11:46 AM, Andreas Rossberg wrote: > >> On 14 February 2013 01:05, Allen Wirfs-Brock wrote: >>> Where "do without", means replaced with set/getIntegrity traps and objects >>> have explicit internal state whose value is on