Private symbols auto-unwrapping proxies (was: Security Demands Simplicity (was: Private Slots))
Mark S. Miller
erights at google.com
Mon Jan 28 11:32:04 PST 2013
Hi Tom, as you and I discussed in chat, "(base case) there are no built-in
private symbols in a standard JS environment (i.e. all the built-in symbols
are unique)" is a bad misunderstanding of the utility of membranes.
Membranes (and membrane-like patterns) are useful and needed at many
finer-grains than realms. It is not safe to assume that no private symbols
exist on both sides of any membrane. I think proposal #1 is fatally
insecure. I'm glad you like #2.
Btw, there's a terminology problem, assuming you were referring to Joe-E's
distinctions: In Joe-E terminology, private symbols are *immutable* but not
*powerless*. (In E terms, private symbols are *DeepFrozen* but not *
DeepPassByCopy* or *Data*.)
On Mon, Jan 28, 2013 at 10:45 AM, Tom Van Cutsem <tomvc.be at gmail.com> wrote:
> I just wrote up a strawman on the wiki to summarize the recent debates
> about the interaction between proxies and private symbols:
> The page actually lists two proposals, out of which I prefer the second
> If I forgot some benefits/drawbacks of either approach, please speak up.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss