callable objects ?

Brendan Eich brendan at
Wed Apr 18 16:32:19 PDT 2012

The issue you may be missing (sorry if I'm mis-reading your post) is: 
hostile proxy passed into module that detects private-named properties 
on incoming objects. If the proxy has a handler that traps get, e.g., 
the private name will leak and the hostile party can now use it to 
decorate a trojan.

So it seems to me the issue with direct proxies of whether the handler 
has a relevant trap for a given access matters.


Brandon Benvie wrote:
> Proxies seem to be able to support this well given a little bit of 
> extra specification. A proxy attempts to forward the apply/construct 
> action naively to its target. The result is it either succeeds or 
> doesn't, and the same invariant checks would apply (private names have 
> the same rules for configurability right?).
> The only difference is that a proxy won't know the result before 
> actually attempting to follow through, which means that private 
> non-configurable properties are a kind of booby trap if you *don't* 
> always forward everything.
> _______________________________________________
> es-discuss mailing list
> es-discuss at

More information about the es-discuss mailing list