Re: IDL: number types

On Fri, Mar 22, 2013 at 1:15 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 3/21/13 10:58 PM, Rick Waldron wrote:
>
>> If you have a 100% provable test case, please file bugs at
>> http://bugs.jquery.com
>>
>
> Oh, and my apologies for the "don't care" claim.  It was made based on
> lack of mitigation attempts for attackers redefining various facilities on
> standard objects that jQuery uses internally (starting with
> String.prototype.toLowerCase, for example).


Fair enough; however, part of what makes jQuery appealing to developers is
that it doesn't modify built-ins and can therefore never conflict with any
other library (this is a "cost of development and maintenance" win for
most). If rigid protection from redefinition is important to an end
developer, I'd recommend they load SES first to secure the environment and
then load in their application dependencies, etc.

Rick


>
>
> -Boris
>

Received on Friday, 22 March 2013 11:56:58 UTC
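
The exchange above, as an added example that is not part of the original thread and is not jQuery's or SES's code: a library-internal check that trusts the live `String.prototype.toLowerCase`, the same check using a reference pinned at load time, and an environment-level freeze applied before anything else loads. All function names are hypothetical, the redefinition is a constructed stand-in, and `Object.freeze(String.prototype)` only illustrates the "secure the environment first" idea; SES does considerably more than this.

```javascript
// Pinned at load time: an uncurried reference to the built-in, taken before
// any later script has a chance to replace String.prototype.toLowerCase.
const toLower = Function.prototype.call.bind(String.prototype.toLowerCase);

// Hypothetical library-internal check that trusts the live prototype.
function isScriptTagNaive(name) {
  return name.toLowerCase() === "script";
}

// Same check using the pinned reference instead of a prototype lookup.
function isScriptTagPinned(name) {
  return toLower(name) === "script";
}

// Simulates a later-loaded script redefining the built-in (constructed
// stand-in that always answers "div"), runs the check, then restores it.
function runUnderRedefinition(check, name) {
  const original = String.prototype.toLowerCase;
  const fake = function () { return "div"; };
  // Reflect.set returns false instead of throwing when the target is frozen.
  const redefined = Reflect.set(String.prototype, "toLowerCase", fake);
  try {
    return { redefined, result: check(name) };
  } finally {
    if (redefined) Reflect.set(String.prototype, "toLowerCase", original);
  }
}

// Environment-level mitigation: freeze the prototype before loading anything
// else, so every library sees the original methods without pinning each one.
function freezeStringPrototype() {
  Object.freeze(String.prototype);
  return Object.isFrozen(String.prototype);
}
```

Pinning only helps if the library's own script runs before the redefinition; freezing has the same ordering requirement, which is why the advice in the thread is to load SES first.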