Private Names and Methods

Russell Leggett russell.leggett at gmail.com
Fri Apr 6 14:36:50 PDT 2012


On Fri, Apr 6, 2012 at 2:58 PM, Brendan Eich <brendan at mozilla.org> wrote:

> Russell Leggett wrote:
>
>> And would result in copying all of the properties from myMixin into the
>> object literal.
>>
>
> Including the private-named properties? That would be bad for integrity:
> Alice can't give Bob an object-as-capability where the private names stay
> private. Bob can extract them via this hypothetical spread-in-braces and
> then abuse them (e.g. to brand a counterfeit object and fool Carol into
> thinking it was from Alice).


Yes, I thought I was following a train of thought when you said, "Is having
only the literal-RHS-only special form too restrictive? It could be wrapped
in an API usable from downrev script, but this means implementors of mixins
must use ES6 even though consumers can use pre-ES6," but I misunderstood
where you were going.

You're right about the integrity, in that use case, but preventing it
across the board does certainly limit many other legitimate use cases.
Could we make names more configurable? I know that there is a suggestion
for a visibility flag in the private names proposal. I think this is a case
somewhere in between. Access through for...in would actually allow full
manipulation of the object property. Copying through the spread operator is
not nearly as insecure.

Or instead of the flag being related to the name, it could just be on the
property, just like enumerable, although that might not be the best
semantics.

- Russ
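
The integrity concern quoted above, as an added example that is not part of the original message or of the private names proposal. It assumes today's `Symbol`, object spread and `WeakSet` as stand-ins for the 2012 proposal's private names and the hypothetical spread-in-braces; `brand`, the `aliceMake*` functions, `bobCounterfeit` and the `carolTrusts*` checks are hypothetical names for the parties in the thread.

```javascript
// Added illustration. Symbol stands in for the 2012 proposal's private
// names; Alice, Bob and Carol are the parties named in the thread.
const brand = Symbol("alice-brand");        // held only by Alice and Carol

// Carol's check: trusts any object carrying Alice's brand property.
const carolTrustsProperty = (obj) => obj[brand] === true;

// Case 1: brand stored as an ordinary (enumerable) symbol-keyed property.
function aliceMakeEnumerable() {
  return { value: 1, [brand]: true };
}

// Case 2: brand stored non-enumerable, the per-property flag idea.
function aliceMakeHidden() {
  const obj = { value: 1 };
  Object.defineProperty(obj, brand, { value: true, enumerable: false });
  return obj;
}

// Case 3: brand kept outside the object, in a registry only Alice can write.
const genuine = new WeakSet();
function aliceMakeRegistered() {
  const obj = { value: 1 };
  genuine.add(obj);
  return obj;
}
const carolTrustsRegistry = (obj) => genuine.has(obj);

// Bob never sees `brand`; he only spreads what he was given into a literal.
const bobCounterfeit = (received) => ({ ...received, value: 666 });

// True means Carol accepted Bob's counterfeit as coming from Alice.
function results() {
  return {
    enumerableFooled: carolTrustsProperty(bobCounterfeit(aliceMakeEnumerable())),
    hiddenFooled: carolTrustsProperty(bobCounterfeit(aliceMakeHidden())),
    registryFooled: carolTrustsRegistry(bobCounterfeit(aliceMakeRegistered())),
  };
}

console.log(results());
```

Unlike the proposal's private names, symbols are reflectable through `Object.getOwnPropertySymbols`, so case 2 only stops the spread copy; a brand that must survive a hostile holder belongs outside the object, as in case 3.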