Subj : Re: object serialization To : Jens Thiele From : Brendan Eich Date : Wed Mar 24 2004 02:45 pm Jens Thiele wrote: > Brendan Eich wrote: > >>Brendan Eich wrote: >> >> >>>You can turn on JS_HAS_XDR_FREEZE_THAW via jsconfig.h. If you want it >>>on by default, you'll be opening up potential (not known) security >>>holes. It really should be configured on >> >> >>*only* >> >> >>>for embeddings that trust all scripts and the strings they thaw. >>> >>>/be > > => this is not an option for me Can you say more? It sounded like you wanted freeze and thaw working in the Debian-produced SpiderMonkey binaries. If that's not the issue, is it that you have to cope with untrusted scripts in your embedding? > other solutions? > perhaps a pure javascript solution out there? Sure, you can do a pure-JS solution, although in general it requires marking objects (setting properties on this). If you wish to target SpiderMonkey only, then you might use uneval. But any of these pure JS approaches has trouble dealing with native objects and private data; also with efficiently compressed encoding. /be .