arrows and a proposed softCall

Angus Croll anguscroll at gmail.com
Sat Jun 2 22:03:58 PDT 2012 

related: are explicitly bound functions going to get a 'target' reference
to the unbound function in ES6? I've manually set this property many times
(mainly for debugging)

On Thu, May 31, 2012 at 9:05 PM, Mark S. Miller <erights at google.com> wrote:

> On Thu, May 31, 2012 at 7:44 PM, David Herman <dherman at mozilla.com> wrote:
> > On May 31, 2012, at 2:40 PM, Mark S. Miller wrote:
> >
> >>     if (isBoundOrWhateverWeCallIt(f)) {
> >>         //... do something
> >>     } else {
> >>         //... do something else
> >>     }
> >>
> >> If the predicate means what I think it should mean, I can offer some
> examples of when I would do this.
> >
> > Could you? I haven't yet understood what you want your predicate to mean
> or what you want it for.
>
> Take a look at slides 45 and 46 of
> http://www.infoq.com/presentations/Secure-Mashups-in-ECMAScript-5
>
> http://qconsf.com/dl/qcon-sanfran-2011/slides/MarkS.Miller_RemainingHazardsAndMitigatingPatternsOfSecureMashupsInEcmaScript5.pdf
>
> Rewind first to remind yourself of enough context to get the point.
>
> Rather than teach defensive programmers to write
> "(1,subscribers[+i])(publication);", I think it is both more robust
> and more teachable to teach them to do input validation where they
> accept a function that they expect to not be this-sensitive.
>
>    subscribe: function(subscriber) {
>        if (!isBoundThisOrWhateverWeCallIt(subscriber)) {
>            throw Error("only non-this-sensitive functions (such as
> bound functions) may be subscribers");
>        }
>        subscribers.push(subscriber);
>    }
>
> Amusingly, the example becomes exactly the inverse of Allen's,
> leveraging soundness rather than fighting incompleteness.
>
> We could instead make the subscribe method defensive by writing
>
>    subscribe: function(subscriber) {
>        subscribers.push(subscriber.bind(undefined));
>    }
>
> This would be as safe; it would successfully prevent the same attacks.
> When the attacks are due to malice, this would be as good -- better
> since it is simpler. But most "attacks" are actually accidents, not
> malice. This simpler alternative fails to give an early diagnostic to
> accidental attackers -- which is directly analogous to the test's
> purpose in Allen's code. The "(1,subscribers[+i])" technique shown on
> the slide has the same lack-of-early feedback problem.
>
> With the isBoundThisOrWhateverWeCallIt test as previously proposed,
> callers of subscribe can only successfully call it with either a fat
> arrow function or a bound function, which is often an unnecessary
> burden on these callers. With the test I propose, callers can also
> successfully call it with any function that neither mentions this nor
> contains a direct eval operator. The remaining false negatives of my
> test would cause only the minor annoyance of "unnecessarily" rejecting
> "safe" cases like
>
>    subscribe(function() { if (false) { doSomethingWith(this); } });
>
> --
>     Cheers,
>     --MarkM
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120602/be7f6849/attachment.html>

More information about the es-discuss mailing list