Security Demands Simplicity (was: Private Slots)
brendan at mozilla.com
Mon Jan 21 12:54:03 PST 2013
Kevin Smith wrote:
> A root problem is that on method invocations through a proxy
> methods of the target object are invoked with the proxy, rather
> than the target, as the this value. This means that any
> assumption the methods have about valid this values are broken.
> I believe this is correct. It is a separate proxy issue not directly
> related to WeakMap/private symbol debate.
That's right. It is not identital too, or completely overlapping with,
the private member access that comes up with the other proposals -- not
all such accesses involve |this|.
Note also that in the browser JS embedding, it is crucial that |this|
bind to the WindowProxy, not the Window (the object at the top of the
scope chain). FWIW, and we do hope to keep ES6 Proxy and WindowProxy
aligned so that implementations could use the former (via internal C++
APIs at first, no doubt) to implement the latter.
More information about the es-discuss