Security Demands Simplicity (was: Private Slots)

Tom Van Cutsem tomvc.be at gmail.com
Mon Jan 21 13:31:57 PST 2013


2013/1/21 Kevin Smith <khs4473 at gmail.com>

>
>
> A root  problem is that on method invocations through a proxy methods of
>> the target object are invoked with the proxy, rather than the target, as
>> the this value.  This means that any assumption the methods have about
>> valid this values are broken.
>>
>
> I believe this is correct.  It is a separate proxy issue not directly
> related to WeakMap/private symbol debate.
>

Indeed. But in Javascript, methods shouldn't (in general) make any
assumptions about their |this| values. The |this| value can be any random
object. It's just the zeroth parameter to a function. That's why in
traits.js (which was designed for high-integrity abstractions) we decided
to .bind() all methods so the |this| value could be relied upon.

Let's talk through Allen and Brandon's suggestion of auto-unwrapping
private symbol access on proxies.
If a membrane can intercept all exchanged private symbols I think this
could be made to work.

Cheers,
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130121/952c8a94/attachment-0001.html>


More information about the es-discuss mailing list