Would love to, but the numbers are looking pretty outrageous. ~4% of Beta channel page views accessed a clobbered variable in the last week.
-
-
-
How about an opt-in to disable it (in CSP?) and requiring this for extensions (e.g. first warning/report-only, gradually move to enforcing).
-
: Feature Policy seems like a good option, and forcing it for isolated worlds seems totally reasonable. File a bug?
@taviso -
Sounds good, I'll file one. It seems impossible anyone is relying on it for content scripts, and too easy mistake to make imo.
-
@zetafuncti0n already filed https://bugs.chromium.org/p/chromium/issues/detail?id=707486 …, maybe use it for discussions of all possible ideas?
-
Feature policy opt-in + wholly disabling it in isolated worlds is what I was thinking as well.
End of conversation
New conversation -
-
-
Echoing perl, the first statement in your JavaScript should be 'use strict';
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Google should explain why this shit is still allowed in Chrome. The most secure browser in the world. Right.
-
The fact that extensions can't be c++ but have to be javascript is shitty enough.
-
I think we may disagree about the positive impacts of shifting the extension system to C++.
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.