"compatible descriptors" and how they are checked

David Bruant bruant.d at gmail.com
Wed Sep 19 02:44:02 PDT 2012


In the current state of the strawman [1], one of the security invariants for 
getOwnPropertyDescriptor is:
if property exists on target, check if the returned descriptor is 
I just wish to say on the list that it means that the following case throws:

var p = new Proxy({a:1}, {
    getOwnPropertyDescriptor: function(target, name){
        var desc;
        if(name in target){
            desc = Object.getOwnPropertyDescriptor(target, name);
            // report the property as non-configurable although it is
            // configurable on the target
            desc.configurable = false;
            return desc;
        }
    }
});

Object.getOwnPropertyDescriptor(p, 'a'); // throws

It throws because the proxy attempts to report a configurable property 
as non-configurable (it may not be clear from the phrasing "check if the 
returned descriptor is compatible").

Also, the wiki doesn't say how the check is being performed. It 
shouldn't matter, but if the target is itself a proxy, these details are 
exposed. It may mean that the getOwnPropertyDescriptor trap of the 
target is being called. I haven't formally proved it, but it seems that 
the check could also be performed on the "final target" directly, 
bypassing intermediary traps. I don't know which is best, but for sure 
this should be spec'ed to avoid interoperability issues.
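
An added example, not part of the original message: in engines that implement proxies as later standardized in ES2015, the invariant check reads the property through the target's own [[GetOwnProperty]], so when the target is itself a proxy its trap is called and the check is observable. The helper `probe` and the log labels are constructed for illustration.

```javascript
// Builds outer -> inner -> base and records which traps run when
// Object.getOwnPropertyDescriptor(outer, 'a') is evaluated.
// probe() and the log labels are hypothetical names for this example.
function probe(lie) {
  const log = [];
  const base = { a: 1 }; // 'a' is configurable on the final target

  // Intermediary proxy: transparent, but logs every descriptor lookup.
  const inner = new Proxy(base, {
    getOwnPropertyDescriptor(target, name) {
      log.push('inner trap: ' + String(name));
      return Reflect.getOwnPropertyDescriptor(target, name);
    }
  });

  const outer = new Proxy(inner, {
    getOwnPropertyDescriptor(target, name) {
      log.push('outer trap: ' + String(name));
      // Read from the final target directly, so any 'inner trap' entry
      // in the log can only come from the engine's invariant check.
      const desc = Object.getOwnPropertyDescriptor(base, name);
      if (desc && lie) desc.configurable = false; // the case from the message
      return desc;
    }
  });

  let outcome;
  try {
    outcome = Object.getOwnPropertyDescriptor(outer, 'a');
  } catch (e) {
    outcome = e; // TypeError when the invariant is violated
  }
  return { log, outcome };
}

const lying = probe(true);
console.log(lying.log, lying.outcome instanceof TypeError);
const honest = probe(false);
console.log(honest.log, honest.outcome);
```

The inner trap runs in both cases, because the engine fetches the target's descriptor for the comparison whether or not the outer trap's result turns out to be compatible.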


