eval(’foo=a’, obj.fn); How you will be private in Firefox 3.1
Written by on July 2nd, 2008 in Ajax News.
Peter realized that the eval(string, scope) support in Firefox meant that the private pattern could be gotten around and developers came out saying “doh!”
Mozilla was quick on the case, and Firefox has taken out support which we should see in Firefox 3.1.
What is interesting is John’s look at what happened. He points to Brendan:
3.2 <fur> 1998-04-23 17:30: Initial checkin of JavaScript 1.3, migrated from JSFUN13_BRANCH in /m/ src repository
This eval extension, if memory serves (I was in mozilla.org at the time, not in the JS group at Netscape) originated in conversations with Microsoft’s rep during ECMA-262 standardization, trying to reach agreement on a way to eval in other scopes.
Your privates are safe again (well, soon).
Source: Ajaxian
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/325155719/eval%e2%80%99fooa%e2%80%99-objfn-how-you-will-be-private-in-firefox-31