On Thu, Dec 23, 2010 at 5:53 AM, Kevin Smith <khs4...@gmail.com> wrote:
> If I might ask a side-question: what's the value in making an object > non-extensible in ES5? I understand the value of making properties > non-configurable or non-writable, but I don't yet see a reason to prevent > extensions. Hi Kevin, Allen also asked about this. Quoting from < https://mail.mozilla.org/pipermail/es-discuss/2010-December/012342.html>: Allen asked: > Even if this style did become the norm, I don't see why you would argue in >> support of mechanisms that allow extension of frozen objects. Isn't the >> whole point of freezing to prevent any extensions. >> > I responded: > No. Let's distinguish two use cases. The point of shallow freezing is to > create a "tamper proof object" (the phrase I've been using in talks). If x > is a tamper proof object given to otherwise isolated subsystems A and B, > then the only interactions between them enabled by giving them x are those > that the author of x chooses to provide. This helps both security and > modularity. As David-Sarah points out, only if the author of x is in control > of what public interface they export can they know what changes they can > make without breaking clients. > > Building on this, the point of transitive immutability is to create objects > that can be safely shared between isolated subsystems without thereby giving > them *any* means to interact. With out historic inability to freeze the > primordials (Object.prototype, etc), our only isolation mechanism was the > creation of separate frames. In the browser, separate same-origin frames by > themselves provides no security benefit, but are increasingly used for their > modularity benefit -- to ensure that various complex subsystems do not > interfere with each other. Notice that the clone code, whether expressed > using soft fields or private names, will not succeed at associating default > behavior with objects from other frames. If same-origin frames grows as the > best practice, we both lose. > > When we are able to freeze the primordials, and combined with our desire to > remove the global object from the bottom of the scope chain, then we can > arrange to bring separate subsystems into one frame without interference. > Then the soft field clone works but the private names clone does not. The > private names clone *only* works if we bring these all into one frame and > (by not freezing the primordials) risk that these complex subsystems may > destructively interfere with each other silently -- with no diagnostic. >
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss