Changes to Array method this coercion (was: ES3.1 Draft: 27 Oct 2008 version available)

# Robert Sayre (17 years ago)

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

Opera 9.61 Chrome Beta 1 Safari 3.1.2 Firefox 3.0.3

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

I checked current browser behavior for this coercion to the global
object for array methods (as well as apply and call).

Opera 9.61
Chrome Beta 1
Safari 3.1.2
Firefox 3.0.3

http://people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to
the global object for Array.map in this example, so Mozilla opposes
these changes.

-- 

Robert Sayre

"I would have written a shorter letter, but I did not have the time."

# David-Sarah Hopwood (17 years ago)

Robert Sayre wrote:

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

Opera 9.61 Chrome Beta 1 Safari 3.1.2 Firefox 3.0.3

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

The change in behaviour was quite deliberate, and I had been under the impression there was a concensus in favour of it. Removing the coercion of 'this' to the global object is necessary to improve the safety and security of ES3.1, IMHO.

Robert Sayre wrote:
> I checked current browser behavior for this coercion to the global
> object for array methods (as well as apply and call).
> 
> Opera 9.61
> Chrome Beta 1
> Safari 3.1.2
> Firefox 3.0.3
> 
> http://people.mozilla.com/~sayrer/2008/10/27/this.html
> 
> It seems that the above implementations coerce null or undefined to
> the global object for Array.map in this example, so Mozilla opposes
> these changes.

The change in behaviour was quite deliberate, and I had been under the
impression there was a concensus in favour of it. Removing the coercion
of 'this' to the global object is necessary to improve the safety and
security of ES3.1, IMHO.

-- 
David-Sarah Hopwood

# Maciej Stachowiak (17 years ago)

On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

Robert Sayre wrote:

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

Opera 9.61 Chrome Beta 1 Safari 3.1.2 Firefox 3.0.3

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

The change in behaviour was quite deliberate, and I had been under the impression there was a concensus in favour of it. Removing the
coercion of 'this' to the global object is necessary to improve the safety and security of ES3.1, IMHO.

Apple is also opposed to changing this behavior, at least without
sufficient showing that the change is broadly compatible with Web
content.

It is also not clear to me how it improves safety and security of ES
3.1. What is the threat model it protects against?

, Maciej

On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

> Robert Sayre wrote:
>> I checked current browser behavior for this coercion to the global
>> object for array methods (as well as apply and call).
>>
>> Opera 9.61
>> Chrome Beta 1
>> Safari 3.1.2
>> Firefox 3.0.3
>>
>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>
>> It seems that the above implementations coerce null or undefined to
>> the global object for Array.map in this example, so Mozilla opposes
>> these changes.
>
> The change in behaviour was quite deliberate, and I had been under the
> impression there was a concensus in favour of it. Removing the  
> coercion
> of 'this' to the global object is necessary to improve the safety and
> security of ES3.1, IMHO.

Apple is also opposed to changing this behavior, at least without  
sufficient showing that the change is broadly compatible with Web  
content.

It is also not clear to me how it improves safety and security of ES  
3.1. What is the threat model it protects against?

Regards,
Maciej

# Dean Edwards (17 years ago)

Maciej Stachowiak wrote:

On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

Robert Sayre wrote:

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

Opera 9.61 Chrome Beta 1 Safari 3.1.2 Firefox 3.0.3

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

The change in behaviour was quite deliberate, and I had been under the impression there was a concensus in favour of it. Removing the coercion of 'this' to the global object is necessary to improve the safety and security of ES3.1, IMHO.

Apple is also opposed to changing this behavior, at least without sufficient showing that the change is broadly compatible with Web content.

It is also not clear to me how it improves safety and security of ES 3.1. What is the threat model it protects against?

As far as I understand it, the global object in a browser environment has a length property indicating the number of frames. If you call Array.map(null, fn) in a browser environment you will enumerate the frames collection. In a non-browser environment you get different behaviour. For one, I'd prefer not to have this behaviour.

Maciej Stachowiak wrote:
> 
> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
> 
>> Robert Sayre wrote:
>>> I checked current browser behavior for this coercion to the global
>>> object for array methods (as well as apply and call).
>>>
>>> Opera 9.61
>>> Chrome Beta 1
>>> Safari 3.1.2
>>> Firefox 3.0.3
>>>
>>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>>
>>> It seems that the above implementations coerce null or undefined to
>>> the global object for Array.map in this example, so Mozilla opposes
>>> these changes.
>>
>> The change in behaviour was quite deliberate, and I had been under the
>> impression there was a concensus in favour of it. Removing the coercion
>> of 'this' to the global object is necessary to improve the safety and
>> security of ES3.1, IMHO.
> 
> Apple is also opposed to changing this behavior, at least without 
> sufficient showing that the change is broadly compatible with Web content.
> 
> It is also not clear to me how it improves safety and security of ES 
> 3.1. What is the threat model it protects against?
> 


As far as I understand it, the global object in a browser environment 
has a length property indicating the number of frames. If you call 
Array.map(null, fn) in a browser environment you will enumerate the 
frames collection. In a non-browser environment you get different 
behaviour. For one, I'd prefer not to have this behaviour.

-dean

# Herman Venter (17 years ago)

I am also dubious about this change, particularly since it contradicts the notion that ES3.1 == ES3 + reality. Wouldn't this change be more appropriate to the secure subset?

Herman

I am also dubious about this change, particularly since it contradicts the notion that ES3.1 == ES3 + reality. Wouldn't this change be more appropriate to the secure subset?

Herman

-----Original Message-----
From: es3.x-discuss-bounces at mozilla.org [mailto:es3.x-discuss-bounces at mozilla.org] On Behalf Of Maciej Stachowiak
Sent: Monday, October 27, 2008 5:04 PM
To: David-Sarah Hopwood
Cc: es3.x-discuss at mozilla.org; es-discuss at mozilla.org
Subject: Re: Changes to Array method this coercion (was: ES3.1 Draft: 27 Oct 2008 version available)


On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

> Robert Sayre wrote:
>> I checked current browser behavior for this coercion to the global
>> object for array methods (as well as apply and call).
>>
>> Opera 9.61
>> Chrome Beta 1
>> Safari 3.1.2
>> Firefox 3.0.3
>>
>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>
>> It seems that the above implementations coerce null or undefined to
>> the global object for Array.map in this example, so Mozilla opposes
>> these changes.
>
> The change in behaviour was quite deliberate, and I had been under the
> impression there was a concensus in favour of it. Removing the
> coercion
> of 'this' to the global object is necessary to improve the safety and
> security of ES3.1, IMHO.

Apple is also opposed to changing this behavior, at least without
sufficient showing that the change is broadly compatible with Web
content.

It is also not clear to me how it improves safety and security of ES
3.1. What is the threat model it protects against?

Regards,
Maciej

_______________________________________________
Es3.x-discuss mailing list
Es3.x-discuss at mozilla.org
https://mail.mozilla.org/listinfo/es3.x-discuss

# Maciej Stachowiak (17 years ago)

On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:

Maciej Stachowiak wrote:

On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

Robert Sayre wrote:

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

Opera 9.61 Chrome Beta 1 Safari 3.1.2 Firefox 3.0.3

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

The change in behaviour was quite deliberate, and I had been under
the impression there was a concensus in favour of it. Removing the
coercion of 'this' to the global object is necessary to improve the safety
and security of ES3.1, IMHO. Apple is also opposed to changing this behavior, at least without
sufficient showing that the change is broadly compatible with Web
content. It is also not clear to me how it improves safety and security of
ES 3.1. What is the threat model it protects against?

As far as I understand it, the global object in a browser
environment has a length property indicating the number of frames.
If you call Array.map(null, fn) in a browser environment you will
enumerate the frames collection. In a non-browser environment you
get different behaviour. For one, I'd prefer not to have this
behaviour.

Is that a comment on the compatibility risk or the security benefit?

, Maciej

On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:

> Maciej Stachowiak wrote:
>> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
>>> Robert Sayre wrote:
>>>> I checked current browser behavior for this coercion to the global
>>>> object for array methods (as well as apply and call).
>>>>
>>>> Opera 9.61
>>>> Chrome Beta 1
>>>> Safari 3.1.2
>>>> Firefox 3.0.3
>>>>
>>>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>>>
>>>> It seems that the above implementations coerce null or undefined to
>>>> the global object for Array.map in this example, so Mozilla opposes
>>>> these changes.
>>>
>>> The change in behaviour was quite deliberate, and I had been under  
>>> the
>>> impression there was a concensus in favour of it. Removing the  
>>> coercion
>>> of 'this' to the global object is necessary to improve the safety  
>>> and
>>> security of ES3.1, IMHO.
>> Apple is also opposed to changing this behavior, at least without  
>> sufficient showing that the change is broadly compatible with Web  
>> content.
>> It is also not clear to me how it improves safety and security of  
>> ES 3.1. What is the threat model it protects against?
>
>
> As far as I understand it, the global object in a browser  
> environment has a length property indicating the number of frames.  
> If you call Array.map(null, fn) in a browser environment you will  
> enumerate the frames collection. In a non-browser environment you  
> get different behaviour. For one, I'd prefer not to have this  
> behaviour.

Is that a comment on the compatibility risk or the security benefit?

Regards,
Maciej

# Dean Edwards (17 years ago)

Maciej Stachowiak wrote:

On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:

Maciej Stachowiak wrote:

On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:

Robert Sayre wrote:

I checked current browser behavior for this coercion to the global object for array methods (as well as apply and call).

people.mozilla.com/~sayrer/2008/10/27/this.html

It seems that the above implementations coerce null or undefined to the global object for Array.map in this example, so Mozilla opposes these changes.

The change in behaviour was quite deliberate, and I had been under the impression there was a concensus in favour of it. Removing the coercion of 'this' to the global object is necessary to improve the safety and security of ES3.1, IMHO. Apple is also opposed to changing this behavior, at least without sufficient showing that the change is broadly compatible with Web content. It is also not clear to me how it improves safety and security of ES 3.1. What is the threat model it protects against?

As far as I understand it, the global object in a browser environment has a length property indicating the number of frames. If you call Array.map(null, fn) in a browser environment you will enumerate the frames collection. In a non-browser environment you get different behaviour. For one, I'd prefer not to have this behaviour.

Is that a comment on the compatibility risk or the security benefit?

Compatibility.

I assume this is why Mozilla want to change behaviour. This issue was brought up previously on this list.

If you enumerate null, usually nothing happens, but if you have frames (even iframes) then the behavior is different (you enumerate the frames). It's an annoying glitch, in a browser environment at least.

Maciej Stachowiak wrote:
> On Oct 27, 2008, at 5:13 PM, Dean Edwards wrote:
> 
>> Maciej Stachowiak wrote:
>>> On Oct 27, 2008, at 4:54 PM, David-Sarah Hopwood wrote:
>>>> Robert Sayre wrote:
>>>>> I checked current browser behavior for this coercion to the global
>>>>> object for array methods (as well as apply and call).
>>>>>
>>>>> http://people.mozilla.com/~sayrer/2008/10/27/this.html
>>>>>
>>>>> It seems that the above implementations coerce null or undefined to
>>>>> the global object for Array.map in this example, so Mozilla opposes
>>>>> these changes.
>>>>
>>>> The change in behaviour was quite deliberate, and I had been under the
>>>> impression there was a concensus in favour of it. Removing the coercion
>>>> of 'this' to the global object is necessary to improve the safety and
>>>> security of ES3.1, IMHO.
>>> Apple is also opposed to changing this behavior, at least without 
>>> sufficient showing that the change is broadly compatible with Web 
>>> content.
>>> It is also not clear to me how it improves safety and security of ES 
>>> 3.1. What is the threat model it protects against?
>>
>>
>> As far as I understand it, the global object in a browser environment 
>> has a length property indicating the number of frames. If you call 
>> Array.map(null, fn) in a browser environment you will enumerate the 
>> frames collection. In a non-browser environment you get different 
>> behaviour. For one, I'd prefer not to have this behaviour.
> 
> Is that a comment on the compatibility risk or the security benefit?

Compatibility.

I assume this is why Mozilla want to change behaviour. This issue was 
brought up previously on this list.

If you enumerate null, usually nothing happens, but if you have frames 
(even iframes) then the behavior is different (you enumerate the 
frames). It's an annoying glitch, in a browser environment at least.

-dean