Improving Function.prototype.bind
Mark S. Miller
erights at google.com
Fri Jan 6 09:56:56 PST 2012
On Fri, Jan 6, 2012 at 9:27 AM, Andrea Giammarchi <andrea.giammarchi at gmail.com> wrote:
> that whole variable can be redefined or used as communication channel ...
> I really don't understand what is the problem.
The variable "Object"? No, in SES that's unassignable. As layered on ES5,
we enforce that simply by making globalObject.Object a non-writable
non-configurable data property.
>
> The returned bound once object could be frozen without problems but if the
> function is private with the gist I have posted:
>
Essentially yes. The returned bound object would have to be transitively
immutable, but in this case freeze may be enough. Of course, this can't be
a fix to "bind" since that would break bind's current behavior. But if it
were a new API as you suggest, that would no longer violate any principles,
I believe.
Separately, I do not believe the need for this is adequate to justify
adding a new API. But that's a completely different topic.
>
> 1. you cannot redefine Object.prototype at all
> 2. you cannot access single bound function/object from any other place
>
> If I have my own scope I want to do what's needed, this does not mean the
> problem does not exist, isn't it?
>
> In your case you have, as example, different problems with that WeakMap
>
> 1. everyone can WeakMap = function () {}; anywhere
>
Again, no they can't because all whitelisted global variables are
unassignable.
> 2. if already defined, the definition of Object getOwnPropertyDescriptor
> to avoid access to that "protected" variable will fail and throw an error
> ... isn't it? That does not look safe either
> 3. as you wrote, Proxy easily discover that secret
> 4. your implementation has same problem I am talking about ... trapped
> "protected/private" stuff others should not see
>
> Same stuff with my problem except even proxy won't be able to retrieve
> that bound function since no property is attached.
>
> I can hardly believe you are so worried about an edge case and you don't
> see the pachyderm we are all dealing with ... properties attached and
> accessible "from everyone" ... is this safe for you?
>
> Is obj.bound = obj.method.bind(obj) a better approach than the one I am
> suggesting ?
>
> I am sorry but I don't think so.
>
I don't think the benefits you explain are worth the cost of a new API. But
that's separate from the security issue.
>
> Best Regards
>
>
> On Fri, Jan 6, 2012 at 6:03 PM, Mark S. Miller <erights at google.com> wrote:
>
>> On Fri, Jan 6, 2012 at 1:50 AM, David Bruant <bruant.d at gmail.com> wrote:
>>
>>> On 06/01/2012 10:40, Andrea Giammarchi wrote:
>>>
>>> if WeakMaps are so smart ... it means we cannot shim them without
>>> causing leaks in non WeakMap ready browsers since no magic will
>>> happen, objects as keys will simply be persistent in the WeakMap private
>>> scope
>>>
>>> Indeed. Also, Mark Miller mentioned a couple of times that the SES
>>> polyfill [1] leaks less than one could expect. I haven't taken the time to
>>> look into that but it's probably worth mentioning.
>>>
>>
>> And it's probably worth looking into ;)
>>
>>
>>> [1]
>>> http://code.google.com/p/es-lab/source/browse/trunk/src/ses/WeakMap.js
>>>
>>>
>>>
>> --
>> Cheers,
>> --MarkM
>>
>
>
--
Cheers,
--MarkM
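
The two mechanisms discussed in this message, as an added example that is not part of the original thread and not SES code: locking a whitelisted global as a non-writable, non-configurable data property, and freezing a bound function before handing it out. `fakeGlobal` is a constructed stand-in for the global object, and all function names are hypothetical.

```javascript
// Added illustration; every function name here is hypothetical.

// Turn an existing property into a non-writable, non-configurable data
// property, the treatment the message describes for globalObject.Object.
function lockBinding(globalObject, name) {
  Object.defineProperty(globalObject, name, {
    value: globalObject[name],
    writable: false,
    configurable: false,
  });
}

// Strict-mode write: throws TypeError on a locked or non-extensible target
// (sloppy-mode code would have the write silently ignored instead).
function tryAssign(target, name, replacement) {
  'use strict';
  try {
    target[name] = replacement;
    return 'assigned';
  } catch (e) {
    return e instanceof TypeError ? 'rejected' : 'error';
  }
}

// Redefinition through defineProperty is refused once configurable is false.
function tryRedefine(target, name, replacement) {
  try {
    Object.defineProperty(target, name, { value: replacement, writable: true });
    return 'redefined';
  } catch (e) {
    return e instanceof TypeError ? 'rejected' : 'error';
  }
}

// Bound function frozen before it is shared: holders can call it but cannot
// attach properties to it, so it cannot serve as a channel between them.
function bindFrozen(obj, methodName) {
  return Object.freeze(obj[methodName].bind(obj));
}

// Constructed stand-in for a global object holding whitelisted names.
const fakeGlobal = { Object: Object, WeakMap: WeakMap };
lockBinding(fakeGlobal, 'Object');
lockBinding(fakeGlobal, 'WeakMap');

const counter = { n: 0, inc() { return ++this.n; } };
const inc = bindFrozen(counter, 'inc');
```

Object.freeze is shallow: `counter` still changes through calls to `inc`, which is why the message speaks of transitive immutability in the general case.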