unknownPrivateSymbol trap (was: WeakMap better than Private Symbols? (was: direct_proxies "problem"))

Brendan Eich brendan at mozilla.com
Thu Jan 10 13:37:57 PST 2013


David Bruant wrote:
> [Cc'ing Tom and Mark to be sure there is agreement on what I'm 
> claiming in this message]
>
> Le 10/01/2013 22:10, Brendan Eich a écrit :
>> Nathan Wall wrote:
>>>> Brendan Eich:
>>>>> No, not if the symbol is not in the whitelist. Zero information 
>>>>> leak is
>>>>> required.
>>>> That's good news too. Objection withdrawn.
>>>
>>> Maybe I gave up too easy :). Is the `unknownPrivateSymbol` trap 
>>> called? What's the rationale for this trap?
>>
>> I just wrote that the trap is not even called if the symbol is not in 
>> the whitelist passed in when the proxy is created.
> No, the unknownPrivateSymbol trap is called when the symbol is not in 
> the whitelist, so, as Nathan fears, a malicious proxy could throw and 
> cancel the access to the private property.

Of course, and my description was for a "knownPrivateSymbol" trap! Shows 
how much I know :-P. Waiting to hear from Tom on this. Thanks to Nathan 
for being a squeaky wheel.

> I think the return true/false protocol should be replaced by a 
> return/throw protocol (return value is ignored). It'd be much more 
> explicit this way.

Agreed.

/be


More information about the es-discuss mailing list