Security Demands Simplicity (was: Private Slots)

David Bruant bruant.d at gmail.com
Sat Jan 19 08:24:37 PST 2013


On 19/01/2013 16:30, Kevin Smith wrote:
>
>     The interaction between private syntax and proxies has the
>     following components:
>     1) Do the proxy and the target act the same regarding private
>     properties?
>     The answer is yes with whitelisted private symbols, no with naive
>     weakmap-expanded private syntax (I explain non-naive below)
>
>
> What happens if the private symbol is not on the whitelist?  Does the 
> private symbol get/set operation get forwarded to the target, or does 
> it fail?
It calls the unknownPrivateSymbol trap. If the trap throws, the 
operation fails. In all other cases (no trap or trap which doesn't 
throw), it's forwarded.
I made the assumption that private syntax results in whitelisted symbols 
and that's actually a non-trivial assumption... hmm... it's actually a 
false assumption. Somehow, the private symbols generated from private 
syntax would need to be exposed by the class or something to be added to 
the whitelist set when a proxy wants to transparently wrap class 
instances. This would force violating the class encapsulation.
This means that for proxies to work with class instances, private syntax 
has to expand to something other than private symbols. WeakMap being the 
first choice obviously, and the necessity of private symbols becomes more 
and more questionable.

> (Sorry for the remedial question.)
No worries. Sorry for being too quick in my explanations ;-)

David
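
Added example, not part of the original message: the proxy/target mismatch that the thread attributes to a naive WeakMap expansion of private syntax, shown with today's shipped `Proxy` and `WeakMap` rather than the private symbols or `unknownPrivateSymbol` trap proposed at the time. `Counter`, `naiveWrap`, `forwardingWrap` and `demo` are hypothetical names, and re-binding methods to the target is one possible way to make the wrapper transparent, not necessarily the "non-naive" expansion the quoted text mentions.

```javascript
// Private state lives in a WeakMap keyed by the instance (the "naive"
// expansion of private syntax). The map itself never leaves this scope.
const priv = new WeakMap();

class Counter {
  constructor() { priv.set(this, { count: 0 }); }
  increment() {
    // `this` is whatever object the call was made on, possibly a proxy.
    const state = priv.get(this);
    if (!state) throw new TypeError('receiver has no private state');
    return ++state.count;
  }
}

// Naive transparent proxy: forwards the lookup but leaves the proxy as the
// receiver, so the method later runs with `this === proxy`.
function naiveWrap(target, seen) {
  return new Proxy(target, {
    get(t, key, receiver) {
      seen.push(String(key));
      return Reflect.get(t, key, receiver);
    }
  });
}

// Forwarding proxy: methods are bound to the real target, so the WeakMap
// lookup succeeds. The handler still only sees the public key "increment".
function forwardingWrap(target, seen) {
  return new Proxy(target, {
    get(t, key) {
      seen.push(String(key));
      const value = Reflect.get(t, key, t);
      return typeof value === 'function' ? value.bind(t) : value;
    }
  });
}

function demo() {
  const seenNaive = [], seenFwd = [];
  const target = new Counter();
  let naiveError = null;
  try { naiveWrap(target, seenNaive).increment(); }
  catch (e) { naiveError = e.constructor.name; }   // proxy is not a WeakMap key
  const viaProxy = forwardingWrap(target, seenFwd).increment();
  const direct = target.increment();               // same state as viaProxy
  return { naiveError, viaProxy, direct, seenNaive, seenFwd };
}
```

In both wrappers the handler observes only the public property name; the private state is reachable solely through code that closes over `priv`, which is the encapsulation property the thread is concerned with keeping.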