Private symbols vs property attributes
Mark S. Miller
erights at google.com
Wed Feb 13 12:56:54 PST 2013
On Wed, Feb 13, 2013 at 11:17 AM, Tom Van Cutsem <tomvc.be at gmail.com> wrote:
> 2013/2/10 Mark Miller <erights at gmail.com>
>> How does this interact with Proxies? I know the answer probably starts
>> with "whitelist", but let's spell it out in this context, and test it
>> against the 8 membrane transparency cases previously discussed.
> When thinking about symbol "leaks", we must consider two cases:
> a) leaking a symbol by having it show up in reflective query methods on
> ordinary objects
> b) leaking a symbol by inadvertently applying a symbol-keyed operation on
> a proxy
> Andreas' proposal of having a symbol's enumerability depend on a property
> attribute makes a lot of sense and deals with problem a). OTOH, it does not
> address leaks of type b). In order to prevent those, proxies currently use
> the whitelist.
> If we lose the a-priori distinction between unique and private symbols and
> introduce only 1 type of symbol, then proxies must treat all symbols like
> they currently treat private symbols.
> The annoying thing about that is that well-known symbols like @@create and
> @@iterator must be explicitly added to a proxy's whitelist in order for the
> proxy to intercept them, but at least it's doable.
> W.r.t. membranes, AFAICT this proposal changes nothing re. the interaction
> between private symbols and proxies. Membranes would still need the
> "unknownPrivateSymbol" trap to stop unknown private symbol access from
> piercing the membrane.
AFAICT, that trap wouldn't provide transparency for the membrane crossing
cases. Is there anything about this new proposal that could improve on that?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss