Private symbols auto-unwrapping proxies (was: Security Demands Simplicity (was: Private Slots))

Brendan Eich brendan at mozilla.com
Tue Jan 22 19:50:13 PST 2013


Brandon Benvie wrote:
> It is my opinion that the primary use case for private symbols is for 
> properties that proxies expressly shouldn't be given a chance, in any 
> manner, to corrupt or modify. They are likely used for sensitive 
> internal state that will only be accessed by methods or friend classes 
> created in service of the target.
>
> A membrane becomes less valuable if breaking the target is an easily 
> accomplished accidental side effect. This is already visible in 
> practice today when you attempt to use WeakMaps to create private 
> state for objects and they are proxied, since the private state will 
> be keyed on `this` in the constructor which won't match `this` in 
> methods invoked on the proxy.

ding ding ding ding ding ding....

/be


More information about the es-discuss mailing list