Le 20/12/2011 14:45, Andreas Rossberg a écrit :
> On 17 December 2011 00:24, Sam Tobin-Hochstadt <sa...@ccs.neu.edu> wrote:
>> I used to think this way about private names and proxies, and argued
>> for this position. However, I was wrong and it's a bad idea. Here's
>> why:
>>
>> You might want to implement an object with a private field and a
>> public method like this:
>>
>> let o = (function () { let n = new Name(); return { [n]: 0; get:
>> function() { return this[n]; }}})();
>>
>> But, if we don't censor private names in proxies, this abstraction leaks!
>>
>> Consider:
>>
>> let p = new Proxy(...);
>> o.get.call(p);
>>
>> Now the name is leaked to the proxy. And there's no way you can fix
>> this, without resorting to some other method of hiding things like
>> closures.
> Hm, isn't this example rather demonstrating that the ability to do
> self stealing -- i.e., the lack of lexical `this' -- is violating
> basic abstraction principles (as we all know)?
This particular example used 'this', but similar examples may not.
-----
let marker = (function(){
let n = new Name();
let counter = 0;
return {
mark: function(o){
o[n] = counter++;
}
readMark: function(o){
return o[n];
}
};
})();
marker.mark(maliciousProxy);
-----
...and the name just leaked allowing a malicious proxy to mess with the
marking.
> That is, in JS you have
> to manually fix such abstractions using .bind on your methods (or
> potential nicer alternatives in ES6). Arguably, the problem is not
> proxies or private names (under David's semantics) per se.
>
> But of course, we cannot really fix `this', so we introduce public
> name conversion (and other ad-hoc complications surrounding private
> names) as compatibility hacks that prevent blatant leaks for existing
> JS idioms. It's not puristic, but it is convenient and pragmatically
> safer.
Indeed. What do you think of the different alternative proposals
(especially regarding the "ad-hoc complications" you point out)?
David
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
