Proxy questions

Kevin Smith khs4473 at gmail.com
Mon Jan 21 18:23:00 PST 2013


> I want to stress this again: proxies, for all operations they can
> intercept, can always decide to go into an infinite loop or throw.
> If they do throw, they can't "hide" their attack from your code. In that
> sense they don't violate the code's integrity. The "invariant enforcement"
> mechanism is based on the same assumptions: if the proxy detects that the
> handler behaves badly, throw to signal the problem.
>
> The alternative to throwing would be for proxies to absorb any exceptions
> thrown by traps, but that would be worse (silent failures).
>

Sure.

Quoting you from the other thread:


> Indeed. But in Javascript, methods shouldn't (in general) make any
> assumptions about their |this| values.
>

OK - but we can't have it both ways.  We can't allow |this| to give us
access to "private" data (regardless of the implementation) *and also*
allow that |this| may be an untrusted proxy.  If |this| grants access to
private data, then it must be trustable.  Anything else is inherently risky.

{ Kevin }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130121/3dba6805/attachment.html>


More information about the es-discuss mailing list