<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 06/06/2014 17:47, Frankie Bagnardi
      wrote:<br>
    </div>
    <blockquote
cite="mid:CADw0yCy02-gFFpRuAQz9VY6Yz0X1BLQeHEaNp0dsVzqzZmBFVA@mail.gmail.com"
      type="cite">
      <div dir="ltr"><font face="arial, sans-serif">Couldn't
          preventUndeclaredGet() be implemented with proxies? <br>
        </font></div>
    </blockquote>
    Yes it can. Doing it left as an exercise to the reader... Wait...
    Don't bother, Nicholas did it :-)<br>
<a class="moz-txt-link-freetext" href="http://www.nczonline.net/blog/2014/04/22/creating-defensive-objects-with-es6-proxies/">http://www.nczonline.net/blog/2014/04/22/creating-defensive-objects-with-es6-proxies/</a><br>
    <br>
    <blockquote
cite="mid:CADw0yCy02-gFFpRuAQz9VY6Yz0X1BLQeHEaNp0dsVzqzZmBFVA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><font face="arial, sans-serif">It actually sounds like
            an extremely useful feature for development builds of
            libraries and applications.  Typos are very very common, and
            often difficult to look over while debugging.  On the other
            hand, it would break a lot of existing code if you try to
            pass it as an object to a library; you'd have to declare
            every possible value it might check (which
            isn't necessarily bad).  Most of the time, it's just an
            options object, or an object it'll iterate over the keys of.</font></div>
        <div><font face="arial, sans-serif"><br>
          </font></div>
        <div><font face="arial, sans-serif">Using it on arrays would
            also reduce off-by-1 errors (though I don't see them often
            in JS).</font></div>
      </div>
    </blockquote>
    Ever since I've started using forEach/map/filter/reduce, I haven't
    had an off-by-one error on arrays. Highly recommended! (I think I've
    heard Crockford making the same recommendation in a recent talk, but
    I cannot find the link)<br>
    <br>
    David<br>
    <br>
    <blockquote
cite="mid:CADw0yCy02-gFFpRuAQz9VY6Yz0X1BLQeHEaNp0dsVzqzZmBFVA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><font face="arial, sans-serif"><br>
          </font></div>
        <div>
          <div><font face="arial, sans-serif"><br>
            </font></div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Fri, Jun 6, 2014 at 7:37 AM, David
          Bruant <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:bruant.d@gmail.com" target="_blank">bruant.d@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>On 06/06/2014 15:57, Mark S. Miller wrote:<br>
              </div>
              <div class="">
                <blockquote type="cite">
                  <div dir="ltr">By contrast, a Map's state is more like
                    the private instance variable state of a closure or
                    a post-ES6 class.</div>
                </blockquote>
              </div>
              The capabilities to arbitrarily modify Maps (set/delete on
              all keys, with any values) will be expected by any
              ES6-compliant code to be globally available, so a Map's
              state cannot reasonably be considered private.<br>
              This differs from the state of a closure where its access
              is strictly moderated by the public API giving access to
              it and to the fact that this API is not provided globally
              (unlike Map.prototype).
              <div class=""><br>
                <br>
                <blockquote type="cite">
                  <div dir="ltr">
                    <div class="gmail_extra">
                      <div class="gmail_quote">
                        <div>Object.freeze of a Map should not alter the
                          mutability of this state for the same reason
                          it does not alter the state captured by a
                          closure or a future class instance.</div>
                      </div>
                    </div>
                  </div>
                </blockquote>
              </div>
              I'd argue the Map state is very much like regular objects
              (for which you can't deny [[Set]], [[Delete]], etc.), not
              a closure's state.<br>
              <br>
              In an ES6 world, denying access to the global
              Map.prototype.* would break legitimate code, so that's not
              really an option confiners like Caja could provide.
              <div class=""><br>
                <br>
                <blockquote type="cite">
                  <div dir="ltr">
                    <div class="gmail_extra">
                      <div class="gmail_quote">
                        <div><br>
                        </div>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> <br>
                            or should an Object.makeImmutable be
                            introduced? (it would be freeze + make all
                            internal [[*Data]] objects immutable)</div>
                        </blockquote>
                        <div><br>
                        </div>
                        <div>We do need something like that. But it's a
                          bit tricky. A client of an object should not
                          be able to attack it by preemptively
                          deep-freezing it against its wishes.</div>
                      </div>
                    </div>
                  </div>
                </blockquote>
              </div>
              I don't see the difference with shallow-freezing?<br>
              It's currently not possible to defend against
              shallow-freezing (it will be possible via wrapping in a
              proxy).
              <div class=""><br>
                <br>
                <blockquote type="cite">
                  <div dir="ltr">
                    <div class="gmail_extra">
                      <div class="gmail_quote">
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex"><br>
                        </blockquote>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000">
                            <div>
                              <blockquote type="cite">
                                <div dir="ltr">
                                  <div class="gmail_extra">
                                    <div class="gmail_quote">
                                      <div>This can be achieved with
                                        Proxy right, or is that too
                                        cumbersome? <br>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </blockquote>
                            </div>
                            Code-readability-wise, wrapping in a proxy
                            is as cumbersome as a call to
                            Object.preventUndeclaredGet I guess.<br>
                            <br>
                            These sorts of concerns are only
                            development-time concerns and I believe the
                            runtime shouldn't be bothered with these
                            (I'm aware it already is in various web).
                            For instance, the TypeScript compiler is
                            capable today of catching this error. Given
                            that we have free, cross-platform and fairly
                            easy to use tools, do we need assistance
                            from the runtime?<br>
                          </div>
                        </blockquote>
                        <div><br>
                        </div>
                        <div>Yes. Object.freeze is a runtime production
                          protection mechanism, because attacks that are
                          only prevented during development don't matter
                          very much ;). <br>
                        </div>
                      </div>
                    </div>
                  </div>
                </blockquote>
              </div>
              Just to clarify, I agree that Object.freeze was necessary
              in ES5 (had we had proxies, it might have been harder to
              justify?), because there was no good alternative to
              protect an object against the parties it was shared with.<br>
              But the concern Nicholas raises doesn't seem to have this
              property. Reading a property that doesn't exist doesn't
              carry a security risk, does it?
              Object.preventUndeclaredGet doesn't really protect against
              anything like ES5 methods did.<span class="HOEnZb"><font
                  color="#888888"><br>
                  <br>
                  David<br>
                </font></span></div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
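    <div>An added illustration of three points discussed in this message (it is not code from the thread or from the linked blog post): a proxy that throws on undeclared reads, a frozen Map whose entries still change, and a proxy that refuses to be frozen by a client. The helper names defensive, readTypo, frozenMapStillMutable, unfreezable and tryFreeze are hypothetical.</div>
    <pre>
```javascript
// Added example, not from the thread. All helper names are hypothetical.

// 1. Throw on reads of undeclared properties, the behaviour asked of
//    Object.preventUndeclaredGet, implemented with a Proxy get trap.
function defensive(target) {
  return new Proxy(target, {
    get(obj, prop, receiver) {
      // Symbol lookups (Symbol.toPrimitive, inspection hooks) pass through,
      // otherwise merely logging or coercing the object would throw.
      if (typeof prop === "symbol" || prop in obj) {
        return Reflect.get(obj, prop, receiver);
      }
      throw new ReferenceError(`undeclared property "${prop}"`);
    },
  });
}

function readTypo() {
  const opts = defensive({ timeout: 30 });
  try { return opts.timeuot; } catch (e) { return e.constructor.name; }
}

// 2. Object.freeze only covers properties. Map entries live in internal
//    state that Map.prototype.set reaches regardless of freezing.
function frozenMapStillMutable() {
  const m = Object.freeze(new Map([["state", "initial"]]));
  m.set("state", "changed"); // no error, the entry is replaced
  return Object.isFrozen(m) ? m.get("state") : null;
}

// 3. Defend against a client freezing the object: a preventExtensions trap
//    that returns false makes Object.freeze throw a TypeError.
function unfreezable(target) {
  return new Proxy(target, {
    preventExtensions() { return false; },
  });
}

function tryFreeze(obj) {
  try { Object.freeze(obj); } catch (e) { return e.constructor.name; }
  return Object.isFrozen(obj) ? "frozen" : "not frozen";
}

console.log(readTypo(), frozenMapStillMutable(),
            tryFreeze(unfreezable({ a: 1 })), tryFreeze({ a: 1 }));
```
    </pre>
    <div>Code that probes an object with string-keyed reads, such as JSON.stringify looking up toJSON or promise resolution looking up then, will throw on the defensive proxy unless those names are declared, which is the library-compatibility cost raised in the quoted message.</div>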
  </body>
</html>