Are Private name and Weak Map the same feature? and the Assoc API

Herby Vojčík herby at mailbox.sk
Mon Dec 19 02:48:52 PST 2011


Hello,

I see error here. Unless I misunderstood something, in present state it so 
that:

var n = Name();
proxy[n] // triggers handler.get(target, n.public);
proxy[n.public] // triggers handler.get(target, ToString(n.public));

and n.public is object, not string. So get handler can easily discriminate 
between string and public object. Yes I can forge it with {toString: 
function() { return "foo"; }}, but you can simply check n.public === name to 
see if the right public for the name was supplied (and if you don't know n, 
do not meddle with its affairs, it's none of your business), so I see no 
need for special trap, reasonably coded get cannot be fooled by calling 
proxy[n.public].

As for:

private name property get/set could bypass the proxy entirely and be 
forwarded unconditionally to the target, just like |typeof|, 
|Object.getPrototypeOf| and [[Class]].

please look at "Forward proxies with private names" thread. There I propose 
something in this line, but less strict and more powerful while still 
secure.

Herby


-----Pôvodná správa----- 
From: Tom Van Cutsem
Sent: Monday, December 19, 2011 11:03 AM
To: David Bruant
Cc: Brendan Eich ; es-discuss
Subject: Re: Are Private name and Weak Map the same feature? and the Assoc 
API

...



More information about the es-discuss mailing list