Wednesday, July 2nd, 2008
Peter realized that the
eval(string, scope) support in Firefox meant that the private pattern could be gotten around and developers came out saying “doh!”
Mozilla was quick on the case, and Firefox has taken out support which we should see in Firefox 3.1.
What is interesting is John’s look at what happened. He points to Brendan:
This eval extension, if memory serves (I was in mozilla.org at the time, not in the JS group at Netscape) originated in conversations with Microsoft’s rep during ECMA-262 standardization, trying to reach agreement on a way to eval in other scopes.
Your privates are safe again (well, soon).
Posted by Dion Almaer at 2:58 pm