Security Demands Simplicity (was: Private Slots)

Allen Wirfs-Brock allen at wirfs-brock.com
Sun Jan 20 17:07:27 PST 2013


On Jan 20, 2013, at 4:46 PM, Brandon Benvie wrote:

>   Err I take it back. They can be implemented in terms of private symbols, but every access has to be guarded with a hasOwn check which would be observable to a Proxy.

Well, proxy observability is the topic of discussion.  They wouldn't be observable via the proposal I floated in an earlier message.

Allen




> 
> On Sunday, January 20, 2013, Brandon Benvie wrote:
> On Sunday, January 20, 2013, Allen Wirfs-Brock wrote:
> I'm not sure if you are getting at something other than what I've described above.  If a @@DateValue private symbol is actually used as the implementation of [[DateValue]] then actually that would happen.
> 
> I explored implementing [[DateValue]], [[NumberValue]], etc. as symbols e.g. @@DateValue, but this causes observably different behavior from what is specified with a.) inheritance, and b.) interaction with proxies. 
> 
>     Object.create(new Date).getDate(); // works but is specified to not work
> 
>     new Proxy(new Date, {}).getDate(); // works but is specified to not work
> 
> Since Proxy is new in ES6 this of course can still be fixed, but to make the first case work would be a (probably benign) backward incompatible change and isn't going to work cross-engine unless the spec is changed to explicitly allow/require it.
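
The behaviour discussed in this thread, as an added JavaScript example that is not part of either message: the built-in Date methods reject an inheriting object and a Proxy, while a symbol-keyed emulation accepts the inheriting object unless it is guarded with a hasOwn check, and that guard passes through Proxy traps. `SymDate`, `dateValue` and the helper names are hypothetical, and an ordinary Symbol stands in for the private symbol, so the traps recorded are the ones an ordinary property check reaches.

```javascript
// Added illustration. An ordinary Symbol stands in for a private symbol (assumption).
const dateValue = Symbol('@@DateValue');

// Run fn and report 'ok' or the name of the error it threw.
function outcome(fn) {
  try { fn(); return 'ok'; } catch (e) { return e.name; }
}

// Internal-slot behaviour as specified: [[DateValue]] is neither inherited
// nor reachable through a Proxy, so both calls quoted in the thread throw.
function slotBehaviour() {
  return {
    direct: outcome(() => new Date(0).getDate()),
    inherited: outcome(() => Object.create(new Date(0)).getDate()),
    proxied: outcome(() => new Proxy(new Date(0), {}).getDate()),
  };
}

// Hypothetical symbol-keyed emulation of the same slot.
class SymDate {
  constructor(ms) { this[dateValue] = ms; }
  // A plain lookup walks the prototype chain, so inheritance "works".
  unguarded() { return this[dateValue]; }
  // The hasOwn guard restores the brand check for inheriting objects.
  guarded() {
    if (!Object.prototype.hasOwnProperty.call(this, dateValue)) {
      throw new TypeError('not a SymDate');
    }
    return this[dateValue];
  }
}

function symbolBehaviour() {
  const seen = []; // traps fired while the guarded access runs on a proxy
  const proxy = new Proxy(new SymDate(42), {
    getOwnPropertyDescriptor(t, k) {
      seen.push('getOwnPropertyDescriptor');
      return Reflect.getOwnPropertyDescriptor(t, k);
    },
    get(t, k, r) {
      if (k === dateValue) seen.push('get');
      return Reflect.get(t, k, r);
    },
  });
  const child = Object.create(new SymDate(42));
  return { seen, unguardedInherited: outcome(() => child.unguarded()),
    guardedInherited: outcome(() => child.guarded()),
    guardedProxied: outcome(() => proxy.guarded()) };
}
```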
