name anonymous functions on property assignments
allen at wirfs-brock.com
Sun Jul 26 20:33:07 UTC 2015
On Jul 26, 2015, at 12:55 PM, Andrea Giammarchi wrote:
> with all due respect Allen, I'm completely against magic-function-name assignment for various reason and leaking ain't one.
Implicit function name property assignment is part of ES2015.
> What could you assign in ES6 that cannot be retrieved anyway through getOwnPropertySymbols and getOwnPropertyNames ? A triple-magic private Proxy handler or what?
A sandbox can censor getOwnPropertySymbol and other reflection functions.
> I mean, the moment you could access that method is the moment it could leak with or without a name, right?
> Just curious about what you had in mind, again I agree having this in is a no-go.
Just saying that an exposed property name is a different (and potentially more broadly exploitable) capability than exposing a local variable name.
TC39 reached consensus on automatically assigning the `name` property for expression forms like:
Identifier = FunctionExpression
and so it is part of ES2015. We did not have consensus on doing the same for:
MemberExpression.IdentifierName = FunctionExpression
MemberExpression[Expression] = FunctionExpression
so it is not part of ES2015. There were various objections that would have to be overcome before we could adopt that.
> Best Regards
> On Sun, Jul 26, 2015 at 8:48 PM, Allen Wirfs-Brock <allen at wirfs-brock.com> wrote:
> On Jul 26, 2015, at 5:11 AM, Benjamin Gruenbaum wrote:
> > In theory this sounds like a cool idea, I didn't even know variable assignments named functions.
> > The only issue I see here is how we're now differentiating assignment by where it happens - what if the property is computed? As far as I know function names are more constrained (like variable names) in what they can be. Object properties may contain characters that function names may not.
> the possibility that the property key is a symbol is a primary reason that this expression form does not set the `name` property.
> There may also be security concerns. The `name` property potentially leaks via the function object the name of the variable it is initially assigned to. But there isn't much someone could do with a local variable name, outside of the originating function. But a leaked property name potentially carries a greater capability.
> es-discuss mailing list
> es-discuss at mozilla.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss