Alternative proposal to privateName.public

David Bruant bruant.d at gmail.com
Mon Dec 26 10:24:16 PST 2011


Le 26/12/2011 17:27, Erik Corry a écrit :
> 2011/12/26 David Bruant <bruant.d at gmail.com>:
>> Le 26/12/2011 16:37, Erik Corry a écrit :
>>> 2011/12/26 David Bruant <bruant.d at gmail.com>:
>>>> Le 26/12/2011 15:56, Erik Corry a écrit :
>>>>> I don't see how you need anything new in the language to support unique names.
>>>>>
>>>>>
>>>>> var newUniqueName = (function() {
>>>>>   var counter = 0;
>>>>>   return function () {
>>>>>     return "__uniquename__" + counter++;
>>>>>   };
>>>>> })();
>>>> I think that in the proposal, the definition of "unique" is "unique
>>>> across the program".
>>>> And this can't be achieved in JavaScript since no program can know, at a
>>>> given time, which names are used and which are not. It also cannot know
>>>> which names will be generated (this last part is undecidable anyway).
>>> This can be fixed by convention.  As long as there is only one
>>> uniqueName function then the names it makes will be unique.  To ensure
>>> there is only one it can be installed like so:
>>>
>>> if (!Object.newUniqueName) Object.newUniqueName = (...  // See above.
>>>
>>> The __uniqueName__ string above can be replaced with something like
>>> __i_have_read_and_abide_by_the_unique_name_convention__
>> I does not prevent conflicts. Only the likelyhood of conflicts since the
>> name can be forged by other means than output of your function. In some
>> applications it will be fine enough. In some others it won't.
> You stated that the unique names are "fully visible to for..in,
> Object.getOwnPropertyNames, and proxies".  At that point there is no
> sense in worrying about forged unique names.  Anyone can get hold of
> the unique name just by looking at an object that uses it.  Making the
> unique names unforgeable doesn't help you if the original is there for
> the picking.
I agree that unique names have a limited use when it comes to security,
but the unforgeability property prevents conflicts. That's the use case
that has been found for them in the private name proposal [1]: "This
would be useful for e.g. modular monkey-patching."

David

[1] http://wiki.ecmascript.org/doku.php?id=harmony:private_name_objects


More information about the es-discuss mailing list