Proposal About Private Symbol

Kevin Smith zenparsing at gmail.com
Sat Dec 20 19:48:37 PST 2014


>
> >2. They would not invoke any traps on proxies.
> >3. They would not tunnel through proxies to proxy targets.
> >4. Getting a private-symbol-keyed property would not traverse the
> prototype chain of the object (perhaps arguable).
> Unnecessary, as long as symbol doesn't leak to external environment, I
> don't think we need to impose these constraints. Without these constraints
> I did not see any problems there.
>

You simply cannot allow 2 and 3 and still call them private symbols.  If
you allow 2, then an attacker can discover private symbols by creating a
proxy for an object which uses them in one of its methods.  If you allow 3,
then private symbols are an unmediated communication channel across
membranes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20141220/6dc5e4ed/attachment.html>


More information about the es-discuss mailing list