Security Demands Simplicity (was: Private Slots)

Tom Van Cutsem at
Mon Jan 21 13:31:57 PST 2013

2013/1/21 Kevin Smith <khs4473 at>

>> A root problem is that on method invocations through a proxy methods of
>> the target object are invoked with the proxy, rather than the target, as
>> the this value.  This means that any assumption the methods have about
>> valid this values are broken.
> I believe this is correct.  It is a separate proxy issue not directly
> related to WeakMap/private symbol debate.

Indeed. But in JavaScript, methods shouldn't (in general) make any
assumptions about their |this| values. The |this| value can be any random
object. It's just the zeroth parameter to a function. That's why in
traits.js (which was designed for high-integrity abstractions) we decided
to .bind() all methods so the |this| value could be relied upon.

Let's talk through Allen and Brandon's suggestion of auto-unwrapping
private symbol access on proxies.
If a membrane can intercept all exchanged private symbols I think this
could be made to work.
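
Added example, not part of the original message and not traits.js code: it shows a method that keys private state on |this| breaking when called through a forwarding proxy or as a detached function, and the same method surviving both once it is bound up front. `Counter`, `makeBoundCounter`, `wrap` and `tryCall` are hypothetical names, and a WeakMap stands in for the private state under discussion.

```javascript
// Added illustration; all names here are hypothetical.
const counts = new WeakMap(); // private state, keyed by the real instance

class Counter {
  constructor() { counts.set(this, 0); }
  increment() {
    // Relies on |this| being an object registered in `counts`.
    if (!counts.has(this)) throw new TypeError('increment called on foreign |this|');
    counts.set(this, counts.get(this) + 1);
    return counts.get(this);
  }
}

// Defence in the style the message describes: bind every method to the
// instance so callers cannot substitute another |this|.
function makeBoundCounter() {
  const self = new Counter();
  return Object.freeze({ increment: self.increment.bind(self) });
}

// Forwarding proxy with no traps: property reads return the target's
// method, and the call then supplies the proxy as |this|.
function wrap(target) { return new Proxy(target, {}); }

function tryCall(fn) {
  try { return { ok: true, value: fn() }; }
  catch (e) { return { ok: false, error: e.constructor.name }; }
}

function demo() {
  const plain = new Counter();
  const bound = makeBoundCounter();
  return {
    direct: tryCall(() => plain.increment()),
    // |this| is the proxy, which is not a key in `counts`.
    viaProxy: tryCall(() => wrap(plain).increment()),
    // |this| is undefined: the method is just a function with a zeroth parameter.
    detached: tryCall(() => { const f = plain.increment; return f(); }),
    // Bound methods ignore the |this| supplied by the caller.
    boundViaProxy: tryCall(() => wrap(bound).increment()),
    boundDetached: tryCall(() => { const f = bound.increment; return f(); }),
  };
}

console.log(demo());
```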
