Private symbols vs property attributes

Mark S. Miller erights at google.com
Wed Feb 13 12:56:54 PST 2013


On Wed, Feb 13, 2013 at 11:17 AM, Tom Van Cutsem <tomvc.be at gmail.com> wrote:

> 2013/2/10 Mark Miller <erights at gmail.com>
>
>> How does this interact with Proxies[1]? I know the answer probably starts
>> with "whitelist", but let's spell it out in this context, and test it
>> against the 8 membrane transparency cases previously discussed.
>>
>
> When thinking about symbol "leaks", we must consider two cases:
> a) leaking a symbol by having it show up in reflective query methods on
> ordinary objects
> b) leaking a symbol by inadvertently applying a symbol-keyed operation on
> a proxy
>
> Andreas' proposal of having a symbol's enumerability depend on a property
> attribute makes a lot of sense and deals with problem a). OTOH, it does not
> address leaks of type b). In order to prevent those, proxies currently use
> the whitelist.
>
> If we lose the a-priori distinction between unique and private symbols and
> introduce only 1 type of symbol, then proxies must treat all symbols like
> they currently treat private symbols.
>
> The annoying thing about that is that well-known symbols like @@create and
> @@iterator must be explicitly added to a proxy's whitelist in order for the
> proxy to intercept them, but at least it's doable.
>
> W.r.t. membranes, AFAICT this proposal changes nothing re. the interaction
> between private symbols and proxies. Membranes would still need the
> "unknownPrivateSymbol" trap to stop unknown private symbol access from
> piercing the membrane.
>

AFAICT, that trap wouldn't provide transparency for the membrane crossing
cases. Is there anything about this new proposal that could improve on that?



>
> Cheers,
> Tom
>



-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130213/d679f02d/attachment.html>


More information about the es-discuss mailing list