
ECMAScript 5 released - fogus
http://www.infoq.com/news/2009/12/ecmascript5
======
sh1mmer
This is a good summary of the delta.

However, the article author didn't really explain why strict mode is
interesting. One of the core requirements of ECMAScript 3.1 (now 5) was to
make the language more secure.

For example, in strict mode you can't declare new variables which are eval'd.
This makes it harder to XSS. As does the reservation of eval (so it can't be
overridden) and the denial of access to the global object.

This is really important because using strict will not only make your
JavaScript better (more like "The Good Parts") but also more performant (less
global scope) and more secure.

------
walkon
Does anyone know what the browsers' plans are for implementing this? Hopefully
the next major version of Chrome, FF, and IE have it (properly) implemented.
Until then, it is hard to get excited as it will likely be quite awhile before
it's ubiquitous.

~~~
thristian
I don't know about the other browsers, but Mozilla's plans are here:
[https://developer.mozilla.org/En/JavaScript/ECMAScript_5_sup...](https://developer.mozilla.org/En/JavaScript/ECMAScript_5_support_in_Mozilla)

In summary, some Mozilla JS extensions from Firefox 3.0 have been adopted into
ECMAScript. Some ECMAScript 5 APIs have been added to Firefox 3.5, but not all
of them. All the browser vendors have put a lot of effort into ECMAScript 5,
so I'd expect they're willing to actually implement it, too.

------
steerpike
Ok, can anyone smarter than myself tell me if I'm justified in getting a
little bit excited about the 'freeze' function on objects that makes
properties read only? My first thought is that it sounds like a perfect first
line of defence in terms of being able to get trustworthy data back from the
client bundled up in a frozen object.

~~~
smanek
I'm a little unclear about what your proposing but, at first interpretation, I
don't think so ... What exactly are you suggesting you should use 'freeze' to
do?

As a rule of thumb, you can never trust anything the client sends you - just
assume he's a skilled hacker who is manually manipulating bits to do what he
wants.

------
wingo
Oooh neat. Maybe I should claim that the parts of the ES3.1 standard I didn't
implement were actually presaging ES5. Neat.

------
teilo
Finally! Javascript gets an "Option Explicit" ala "use strict;"

