I just noticed that in the yui_module() we call the YUI use function incorrectly and effectively break sandboxing.

At present we call it like:

Y.use('some', 'mods', function(Y) { // do stuff. });

This makes use of a global instance of YUI on the Y namespace and means that each module that we include exists for all others. This has potential knock-on consequences to the sandbox.

We should be using:

YUI().use('some', 'mods', function(Y) { // do stuff. });

This create a clean instance of YUI, loads all of the modules in, and provides the newly created instance as the first parameter to the function it defines.

I've just tried making the change now, and found a few breakages because of it. Things like node-event-delegate have been polluting the global Y and leaking from module to module. This means that if the module which actually does correctly depend on node-event-delegate decides to stop doing so (and no other modules depend on it either), things all over Moodle will get flaky.

I think that we may be too late in the day to make this change for 2.5, but we should seriously looking at changing this very early on in the 2.6 lifecycle.