Proxy questions

Kevin Smith khs4473 at
Mon Jan 21 18:23:00 PST 2013

> I want to stress this again: proxies, for all operations they can
> intercept, can always decide to go into an infinite loop or throw.
> If they do throw, they can't "hide" their attack from your code. In that
> sense they don't violate the code's integrity. The "invariant enforcement"
> mechanism is based on the same assumptions: if the proxy detects that the
> handler behaves badly, throw to signal the problem.
> The alternative to throwing would be for proxies to absorb any exceptions
> thrown by traps, but that would be worse (silent failures).


Quoting you from the other thread:

> Indeed. But in Javascript, methods shouldn't (in general) make any
> assumptions about their |this| values.

OK - but we can't have it both ways.  We can't allow |this| to give us
access to "private" data (regardless of the implementation) *and also*
allow that |this| may be an untrusted proxy.  If |this| grants access to
private data, then it must be trustable.  Anything else is inherently risky.

{ Kevin }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list