custom cross-realm brand checking

Jordan Harband ljharb at
Mon Oct 1 23:48:10 UTC 2018

Function.prototype.toString wouldn't suffice as a verification - you could
reconstruct it with eval, in many cases - and refactoring the
implementation shouldn't force a change in the identity of a function.

On Mon, Oct 1, 2018 at 2:13 PM Richard Gibson <richard.gibson at>

> One of the topics discussed in the final breakouts of last week's TC39
> meeting was something like "self-hosted implementation of cross-realm
> internal slots". I facetiously joked about using the global symbol registry
> (which is shared across realms), but it was pointed out that such a
> mechanism would not be private.
> I've been thinking about it since, and I believe that the current surface
> area of the language is sufficient for this to be possible without
> introducing something like private symbols—specifically by using built-in
> functions whose identity (regardless of originating realm) is verified with
> Function.prototype.toString.
> There's a demonstration of using this technique to build custom
> brand-sharing classes of the sort that could trust each other across
> realms, and I'd love to get some feedback on it:
> . If this actually is as robust as it seems
> to be, then it can also be a foundation for cross-realm access to custom
> analogs of internal slots.
> _______________________________________________
> es-discuss mailing list
> es-discuss at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list