SecureEcmaScript
SES (Secure EcmaScript)
How does draft SES (Secure EcmaScript) differ from ES5?In a frame of a secureable ES5 in which initSES.js has been run, either prior to other scripts or in cooperation with other scripts, the resulting "language" as seen by that frame's new eval and Function bindings differs from full ES5 in the following ways:
By analogy with Operating systems, let's call code imported through eval or Function user code, and code run directly in the frame, not through eval or Function, privileged code. The first four restrictions above apply to privileged code in that frame as well. However, since privileged code is able to address the real global object and its host-defined properties, it still has access to the authority the browser provides to JavaScript executing in that frame. It is therefore in a position to subdivide this authority, and hand out the resulting attenuated authority to imported user code, on a least authority basis, by providing objects (such as DOM wrappers) whose behavior represents this attenuated authority. As driven by the realization that it was possible to achieve the above restrictions on upcoming ES5 implementations (assuming they are secureable), and with the goal of defining an SES that is minimally different from ES5, these seem like a good candidate list for the defining differences between SES and ES5. However, this currently has only the status of a strawman to be proposed to the EcmaScript committee. |
hahaha, the last paragraph is basically saying that the list isn't' official. Am I correct?
If by "official" you mean "approved by a standards organization", yes you are correct. That's what "draft" and "strawman" means.