Security Demands Simplicity (was: Private Slots)

Allen Wirfs-Brock allen at
Sun Jan 20 17:07:27 PST 2013

On Jan 20, 2013, at 4:46 PM, Brandon Benvie wrote:

>   Err I take it back. They can be implemented in terms of private symbols, but every access has to be guarded with a hasOwn check which would be observable to a Proxy.

Well, proxy observability is the topic of discussion.  they wouldn't be observable via the proposal I floated in an earlier message.


> On Sunday, January 20, 2013, Brandon Benvie wrote:
> On Sunday, January 20, 2013, Allen Wirfs-Brock wrote:
> I'm not sure if you are getting at something other than what I've described above.  If a @@DateValue private symbol is actually used as the implementation of [[DateValue]] then actuality that would happen.
> I explored implementing [[DateValue]], [[NumberValue]], etc. as symbols e.g. @@DateValue, but this causes observably different behavior from what is specified with a.) inheritance, and b.) interaction with proxies. 
>     Object.create(new Date).getDate(); // works but is specified to not work
>     new Proxy(new Date, {}).getDate(); // works but is specified to not work
> Since Proxy is new in ES6 this of course can still be fixed, but to make the first case work would be a (probably benign) backward incompatible change and isn't going to work cross-engine unless the spec is changed to explicitly allow/require it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list