Mike Samuel
Mike Samuel
@domenic Thanks for explaining. Please interpret that as meaning that ISE will seek to block the equivalent of stage 2 for this proposal in all standards fora unless it is...
@benjamingr I'm not sure I understand. The purpose of documenting a design goal is to constrain which mechanisms are used by a design. If the mechanism chosen is unmitigable then...
> I'm asking if "don't allow imports from std:global" isn't a viable strategy to mitigate the "unmitigable" part in security sensitive code. Good question. Probably not. Bans of widely used...
@benjamingr Third-party code runs at the suffrance of first-party code. It is the first-party code that the user has trusted so the web platform should privilege first-party code over third-party...
In PHP one writes ``` PHP preg_replace("/foo/i", ...) ``` so there's certainly precedent for having two layers of delimiters and we could look at whether this is a source of...
ljharb, please excuse my ignorance. Are custom delimiters in PHP perl-like?: ``` perl $foo =~ m(I want to use '/' in my regex but don't need parentheses); ``` I see...
> ``` js > RegExp.make('igm')`${blah}blah${blah}` > ``` > > looks like something crazy. Anywhere flags should be added after source. zloirock, I agree that inverting the order is counter-intuitive. I...
So throw on errors in literal sections per [early errors](http://www.ecma-international.org/ecma-262/5.1/#sec-16) but should never throw because of an interpolated value?
Fair enough. So constructs that are problematic from [regexp_match_web_reality](http://wiki.ecmascript.org/doku.php?id=harmony:regexp_match_web_reality): 1. `\c` not followed by a control code 2. `\x` not followed by 2 x hex and `\u` not followed by...
Agreed on `(?${input})`. To summarize: We should fail on interpolations in some contexts. - `\c${...}` - `\u${...}` - `\x${...}` - `(?${...}`)` Re lookbehind, should we dissallow interplations in - `(?