brendan at mozilla.com
Mon Jan 21 20:27:49 PST 2013
Kevin Smith wrote:
> OK - but we can't have it both ways. We can't allow |this| to give us
> access to "private" data (regardless of the implementation) *and also*
> allow that |this| may be an untrusted proxy. If |this| grants access
> to private data, then it must be trustable. Anything else is
> inherently risky.
Who said otherwise?
First, as Tom noted, |this| binding in JS is dynamic unless you opt out.
Second, private symbols need not leak. We have had several designs to
avoid leakage, and Tom' s advocating another that could work.
I know, you want to get rid of (defer, let's say) private symbols. But
no one is trying to have it "both ways". Everyone wants to avoid private
symbol leaks via proxies, in the face of dynamic |this| and other
hazards of JS not related to |this|.
More information about the es-discuss