Private symbols vs property attributes

Mark S. Miller erights at
Wed Feb 13 12:56:54 PST 2013

On Wed, Feb 13, 2013 at 11:17 AM, Tom Van Cutsem < at> wrote:

> 2013/2/10 Mark Miller <erights at>
>> How does this interact with Proxies[1]? I know the answer probably starts
>> with "whitelist", but let's spell it out in this context, and test it
>> against the 8 membrane transparency cases previously discussed.
> When thinking about symbol "leaks", we must consider two cases:
> a) leaking a symbol by having it show up in reflective query methods on
> ordinary objects
> b) leaking a symbol by inadvertently applying a symbol-keyed operation on
> a proxy
> Andreas' proposal of having a symbol's enumerability depend on a property
> attribute makes a lot of sense and deals with problem a). OTOH, it does not
> address leaks of type b). In order to prevent those, proxies currently use
> the whitelist.
> If we lose the a-priori distinction between unique and private symbols and
> introduce only 1 type of symbol, then proxies must treat all symbols like
> they currently treat private symbols.
> The annoying thing about that is that well-known symbols like @@create and
> @@iterator must be explicitly added to a proxy's whitelist in order for the
> proxy to intercept them, but at least it's doable.
> W.r.t. membranes, AFAICT this proposal changes nothing re. the interaction
> between private symbols and proxies. Membranes would still need the
> "unknownPrivateSymbol" trap to stop unknown private symbol access from
> piercing the membrane.

AFAICT, that trap wouldn't provide transparency for the membrane crossing
cases. Is there anything about this new proposal that could improve on that?

> Cheers,
> Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list