Date: Fri, 24 Feb 2012 15:37:16 +0200
Subject: Re: [CODE] Short cleanup
From: Left Right
To: flex-dev@incubator.apache.org

> Left Right,
>
> What are the benefits / disadvantages of
>
> if (collection[item] !== undefined) ...
>
> versus
>
> if (item in collection) ...

These are two different things. The key may exist inside the hash, but be mapped to 'undefined', the other expression verifies whether the key exists at all. It will have particular meaning to you, when you serialize objects, because the serialized version will differ, and, if you wanted to compare hashes, for example, the comparison would fail.

*sigh* ECMAScript...

OK, what I said may be harsh, but, you cannot afford this kind of mistake in the code that is, practically, an extension to the language... I wasn't trying to be rude in particular towards any specific person. I rather express my uttermost disappointment of Adobe policies with regard to how they planned and built the framework. Sorry, I'm doing that rather too often.

> Thanks for the detailed explanation. .hasOwnProperty is used at many places
> within the Flex SDK.
>

Unfortunately, Flex SDK is not an example of high-quality code, so, judging by how things were accomplished there is unlikely to get you a good image of AS3.

The case with toString() is slightly different - however it is defined on Object.prototype, many classes override it, and the AVM method resolution works in the way that it will use the toString() declared in the most precise subclass of an Object, before it will use the toString() declared in Object. More yet, some Flash classes, such as those that extend EventDispatcher override toString() natively, Event-extending classes do that too. I didn't see any framework code that would implement toString() like so:

    public const toString:Function = function(x):String { return whatever; }

so it's unlikely that any data would fall through to the "forged" implementation (numeric classes override toString()). Yet, it's not unlikely, if you consider the situation, when someone is trying to pass an untyped object, and later, assuming some property is a numeric type calls toString(16). However, there's little profit for the imaginary attacker in discovering this implementation detail... but when someone does:

    xml.user.(hasOwnProperty("@secret") && @secret)

this is likely to be exploited.
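The difference between the membership checks discussed in this message, as an added example that is not part of the original e-mail or of the Flex SDK. It is written in JavaScript rather than ActionScript 3, so the semantics shown are JavaScript's; the function names and sample objects are constructed for illustration.

```javascript
// Added example: JavaScript semantics, not ActionScript 3 or Flex SDK code.
// All names and sample objects below are constructed for illustration.

// The three membership tests from the thread, side by side.
function membership(collection, key) {
  return {
    notUndefined: collection[key] !== undefined,
    inOperator: key in collection,
    // Calls the built-in directly, so a property named "hasOwnProperty"
    // on the object itself cannot stand in for the real check.
    ownProperty: Object.prototype.hasOwnProperty.call(collection, key),
  };
}

// Key-by-key comparison of two hashes: same own keys, same values.
function sameHash(a, b) {
  const ka = Object.keys(a).sort();
  const kb = Object.keys(b).sort();
  if (ka.length !== kb.length) return false;
  return ka.every((k, i) => k === kb[i] && a[k] === b[k]);
}

// Constructed sample data.
const withKey = { secret: undefined }; // key exists, mapped to undefined
const withoutKey = {};                 // key does not exist at all
// Untyped object that carries its own "hasOwnProperty" member.
const shadowed = { hasOwnProperty: () => true };

function demo() {
  return {
    present: membership(withKey, "secret"),
    absent: membership(withoutKey, "secret"),
    inherited: membership(withoutKey, "toString"),
    equal: sameHash(withKey, withoutKey),
    naiveOnShadowed: shadowed.hasOwnProperty("secret"),
    safeOnShadowed: membership(shadowed, "secret").ownProperty,
  };
}

console.log(demo());
```

For the inherited key "toString", both `!== undefined` and `in` report true on an empty object, while the own-property check reports false.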