callable objects ?
brendan at mozilla.org
Wed Apr 18 16:32:19 PDT 2012
The issue you may be missing (sorry if I'm mis-reading your post) is:
hostile proxy passed into module that detects private-named properties
on incoming objects. If the proxy has a handler that traps get, e.g.,
the private name will leak and the hostile party can now use it to
decorate a trojan.
So it seems to me the issue with direct proxies of whether the handler
has a relevant trap for a given access matters.
Brandon Benvie wrote:
> Proxies seem to be able to support this well given a little bit of
> extra specification. A proxy attempts to forward the apply/construct
> action naively to its target. The result is it either succeeds or
> doesn't, and the same invariant checks would apply (private names have
> the same rules for configurability right?).
> The only difference is that a proxy won't know the result before
> actually attempting to follow through, which means that private
> non-configurable properties are a kind of booby trap if you *don't*
> always forward everything.
> es-discuss mailing list
> es-discuss at mozilla.org
More information about the es-discuss