
Re: IDL: number types

From: Rick Waldron <waldron.rick@gmail.com>
Date: Fri, 22 Mar 2013 07:56:10 -0400
Message-ID: <CAHfnhfrHYfy2Y9_QJPqSCYrELOw1TN5_2XvUZ5aXGu28tvhZGg@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Allen Wirfs-Brock <allen@wirfs-brock.com>, Marcos Caceres <w3c@marcosc.com>, Yehuda Katz <wycats@gmail.com>, Anne van Kesteren <annevk@annevk.nl>, "public-script-coord@w3.org" <public-script-coord@w3.org>

On Fri, Mar 22, 2013 at 1:15 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 3/21/13 10:58 PM, Rick Waldron wrote:
>> If you have a 100% provable test case, please file bugs at
>> http://bugs.jquery.com
> Oh, and my apologies for the "don't care" claim.  It was made based on
> lack of mitigation attempts for attackers redefining various facilities on
> standard objects that jQuery uses internally (starting with
> String.prototype.toLowerCase, for example).

Fair enough, however, part of what makes jQuery appealing to developers is
that it doesn't modify built-ins and can therefore never conflict with any
other library (this is a "cost of development and maintenance" win for
most). If rigid protection from redefinition is important to an end
developer, I'd recommend they load SES first to secure the environment and
then load in their application dependencies, etc.


> -Boris

Received on Friday, 22 March 2013 11:56:58 UTC
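
The two defences this exchange touches on, as an added example that is not part of the original message and is not jQuery or SES code: a library capturing a built-in at load time, and an environment frozen before later code runs. All function names are hypothetical, and `Object.freeze(String.prototype)` is only a small stand-in for what SES does to every built-in.

```javascript
// Added illustration; names are hypothetical, not jQuery or SES code.

// Late lookup: resolves String.prototype.toLowerCase at every call.
function normalizeLate(tag) {
  return tag.toLowerCase();
}

// Early capture: binds the original built-in once, at library load time.
const originalToLowerCase = String.prototype.toLowerCase;
const lower = Function.prototype.call.bind(originalToLowerCase);
function normalizeCaptured(tag) {
  return lower(tag);
}

// Stand-in for code loaded later that redefines the built-in.
// Reflect.set returns false instead of throwing when the write is refused.
function redefine() {
  return Reflect.set(String.prototype, "toLowerCase", function () {
    return "redefined";
  });
}

function runScenarios() {
  const out = {};

  // 1. Unprotected environment: the redefinition succeeds.
  out.redefinedBeforeFreeze = redefine();
  out.lateUnprotected = normalizeLate("DIV");
  out.capturedUnprotected = normalizeCaptured("DIV");
  String.prototype.toLowerCase = originalToLowerCase; // restore the built-in

  // 2. Environment secured first: freeze the prototype, then let the
  //    later code attempt the same redefinition.
  Object.freeze(String.prototype);
  out.redefinedAfterFreeze = redefine();
  out.lateFrozen = normalizeLate("DIV");
  return out;
}

// Run once: the freeze in step 2 is irreversible for this realm.
const results = runScenarios();
console.log(results);
```

Early capture only protects the one call the library remembered to capture, while freezing first protects every late lookup, which is why the order of loading matters.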
