- From: Dan Connolly <connolly@w3.org>
- Date: Thu, 28 May 2009 11:51:44 -0500
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
On Thu, 2009-05-28 at 12:42 -0400, Jonathan Rees wrote: > On Thu, May 28, 2009 at 12:02 PM, Dan Connolly <connolly@w3.org> wrote: > > The "use strict" stuff in ES5 evidently > > borrows from Caja and other secure javascript > > projects. > > Not a coincidence. The 4 or 5 projects doing things like this > are using Ecma as their standardization venue. Right; my point was that this Caja stuff isn't just in the labs; it seems to be on a realistic path to deployment... this is surprisingly good news to me; recall that just 6 months ago I wrote... "it seems an impossibly high bar to reach, given the worse-is-better tendency in software deployment ... after wrestling with the patchwork of javascript security policies in browsers in the past few weeks, the capability approach in adsafe looks simple and elegant by comparison. Is there any chance we can move the state-of-the-art that far?" -- http://www.w3.org/QA/2008/12/web_applications_security_requ.html -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Thursday, 28 May 2009 16:51:51 UTC