Why not private symbols?

David Bruant bruant.d at gmail.com
Fri Aug 2 13:25:13 PDT 2013


Le 02/08/2013 22:18, Brendan Eich a écrit :
> Practically speaking, given dynamic-this-binding by default in JS, 
> it's too easy to access a foreign object with an important name 
> (private symbol in the hypothesis). It will happen. You will leak it. 
> It can then be used to attack you.
Sketched a proposal for functions to defend themselves over at 
https://mail.mozilla.org/pipermail/es-discuss/2013-July/032370.html
Class syntax could enable it by default.

Probably not perfect, but seems like it could work. At least, it 
balances out both proxies and functions ability to defend against one 
another.

David


More information about the es-discuss mailing list