On Wed, Dec 21, 2011 at 5:25 AM, Andreas Rossberg <rossb...@google.com> wrote: > >>> Hm, isn't this example rather demonstrating that the ability to do >>> self stealing -- i.e., the lack of lexical `this' -- is violating >>> basic abstraction principles (as we all know)? >> This particular example used 'this', but similar examples may not. >> ----- >> let marker = (function(){ >> let n = new Name(); >> let counter = 0; >> >> return { >> mark: function(o){ >> o[n] = counter++; >> } >> readMark: function(o){ >> return o[n]; >> } >> }; >> })(); >> >> marker.mark(maliciousProxy); >> ----- >> >> ...and the name just leaked allowing a malicious proxy to mess with the >> marking. > > Sure, but o here is just a random argument, and you can never make any > assumptions about what gets passed as an argument (unless you have > some kind of nominal type or branding mechanism).
In the absence of proxies, David's example is actually safe, regardless of what object `o' is. And you really need David's example to work to make private names as useful as they can be -- otherwise, it's just re-enabling |private| from Java, and not adding anything more. -- sam th sa...@ccs.neu.edu _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss