2011/12/19 Herby Vojčík <he...@mailbox.sk>
> Hello,
>
> I see error here. Unless I misunderstood something, in present state it so
> that:
>
> var n = Name();
> proxy[n] // triggers handler.get(target, n.public);
>
> proxy[n.public] // triggers handler.get(target, ToString(n.public));
>
> and n.public is object, not string. So get handler can easily discriminate
> between string and public object. Yes I can forge it with {toString:
> function() { return "foo"; }}, but you can simply check n.public === name
> to see if the right public for the name was supplied (and if you don't know
> n, do not meddle with its affairs, it's none of your business), so I see no
> need for special trap, reasonably coded get cannot be fooled by calling
> proxy[n.public].
>
Two points:
1) I was under the impression that in the present proposal, what is passed
to the "get" trap is really ToString(name.public), not the name.public
object. The proposal is vague in this regard, but I'm pretty sure Sam and
Dave did not intend to widen the type of the "name" parameter of the "get"
trap from String to Object. Sam, Dave, can you clarify?
2) Even if name.public would not be stringified, if both normal and private
name property access would go through the "get" trap, it would still be the
responsibility of the "get" trap to properly forward private names. If this
is the case, a very common bug with proxies will be that the "get" trap
will mistakenly turn private name access into normal property access of the
wrong property name.
What my proposal boils down to is to consider obj[privateName] and
obj[string] as two separate operations, with their own traps. This allows
us to get the default behavior for private names right (forward as
target[privateName], not as target[privateName.public]).
> As for:
>
>
> private name property get/set could bypass the proxy entirely and be
> forwarded unconditionally to the target, just like |typeof|,
> |Object.getPrototypeOf| and [[Class]].
>
> please look at "Forward proxies with private names" thread. There I
> propose something in this line, but less strict and more powerful while
> still secure.
>
Yes, I just read your proposal (sorry for missing it earlier).
Calling the trap and catching a special exception is something that we have
avoided in the proxy design thus far. One possibility is to have the
"getPrivate" trap return a boolean. If the trap returns false, the proxy
will forward the private name access. This would allow the getPrivate trap
to check whether the "public" argument corresponds to one of its own
private names. If not, it just returns false (no throwing exceptions or
calling special Proxy.getDefault methods needed).
Cheers,
Tom
> Herby
>
>
> -----Pôvodná správa----- From: Tom Van Cutsem
> Sent: Monday, December 19, 2011 11:03 AM
> To: David Bruant
> Cc: Brendan Eich ; es-discuss
>
> Subject: Re: Are Private name and Weak Map the same feature? and the Assoc
> API
>
> ...
>
>
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
