Security Demands Simplicity (was: Private Slots)

David Bruant bruant.d at gmail.com
Sat Jan 19 10:35:56 PST 2013


On 19/01/2013 19:04, Kevin Smith wrote:
>
>
>     It calls the unknownPrivateSymbol trap. If the trap throws, the
>     operation fails. In all other cases (no trap or trap which doesn't
>     throw), it's forwarded.
>
>
> And can frozen objects be proxy targets, or no?
Yes they can.

> More generally, can a proxy effectively override the behavior of a 
> non-configurable, non-writable property on the target?
>
>     var target = Object.create(null, { foo: { writable: false, configurable: false, value: 1 } });
>
>     var proxy = new Proxy(target, {
>       get(obj, name) { return name === "foo" ? 0 : obj[name]; }
>     });
>
>     console.log(target.foo); // 1
>     console.log(proxy.foo); // 0
>
> Is this allowed?
It is not. At the exit of the get trap, the JS engine checks whether 
invariants should be enforced for the given property on the target. In 
your case, the runtime sees that the target has a non-configurable 
non-writable property called 'foo' with 1 as value. When you try to 
return 0, it will throw a TypeError because of invariant violation. You 
can read about invariants at 
http://wiki.ecmascript.org/doku.php?id=harmony:direct_proxies#invariant_enforcement

David
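
The invariant check described in the reply above, as an added example that is not part of the original message: it uses the Proxy and Reflect API as standardized in ES2015, and it contrasts the rejected lie about a non-configurable, non-writable property with the permitted override of a configurable one and with a frozen target. The helper names (`makeTarget`, `lyingProxy`, `probe`, `demo`) and the extra property `bar` are hypothetical.

```javascript
'use strict';

// Constructed target: 'foo' is non-writable and non-configurable, 'bar' is an ordinary property.
function makeTarget() {
  const target = Object.create(null);
  Object.defineProperty(target, 'foo', {
    value: 1, writable: false, configurable: false, enumerable: true,
  });
  target.bar = 1;
  return target;
}

// Proxy whose get trap reports 0 for every property named in `lies`.
function lyingProxy(target, lies) {
  return new Proxy(target, {
    get(obj, name, receiver) {
      return lies.includes(name) ? 0 : Reflect.get(obj, name, receiver);
    },
  });
}

// Read a property and report either the value or the type of error thrown.
function probe(obj, name) {
  try {
    return { ok: true, value: obj[name] };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

function demo() {
  const target = makeTarget();
  const proxy = lyingProxy(target, ['foo', 'bar']);
  const frozen = Object.freeze({ foo: 1 }); // frozen objects are valid proxy targets
  return {
    targetFoo: probe(target, 'foo'), // direct read, no trap involved
    proxyFoo: probe(proxy, 'foo'),   // trap result differs from the fixed value: rejected
    proxyBar: probe(proxy, 'bar'),   // configurable property: the trap may answer anything
    frozenFoo: probe(lyingProxy(frozen, ['foo']), 'foo'), // every frozen data property is covered
    honestFoo: probe(lyingProxy(frozen, []), 'foo'),      // reporting the real value passes
  };
}

console.log(demo());
```

Code that receives a proxy over a frozen object can therefore rely on the values it reads from that object's own data properties: the handler can make the read throw, but it cannot substitute a different value.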