Security Demands Simplicity (was: Private Slots)
bruant.d at gmail.com
Sun Jan 20 06:37:30 PST 2013
Le 20/01/2013 06:36, Kevin Smith a écrit :
> It is not. At the exit of the get trap, the JS engine checks
> whether invariants should be enforced for the given property on
> the target. In your case, the runtime sees that the target has a
> non-configurable non-writable property called 'foo' with 1 as
> value. When you try to return 0, it will throw a TypeError because
> of invariant violation. You can read about invariants at
> Excellent - thanks for the link! One more: What is the reason for
> not providing an API for unwrapping a proxy (e.g. your
If anyone can unwrap proxies, then the security benefits they provide
are virtually non-existent akin to the Reflect API in Java.
It's possible to implement such a function yourself and expose it for
some of your proxies, but it should be an opt-in, not something
available by default to everyone in the language.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss