On Wed, Dec 21, 2011 at 5:25 AM, Andreas Rossberg <rossb...@google.com> wrote:
>
>>> Hm, isn't this example rather demonstrating that the ability to do
>>> self stealing -- i.e., the lack of lexical `this' -- is violating
>>> basic abstraction principles (as we all know)?
>> This particular example used 'this', but similar examples may not.
>> -----
>> let marker = (function(){
>> let n = new Name();
>> let counter = 0;
>>
>> return {
>> mark: function(o){
>> o[n] = counter++;
>> }
>> readMark: function(o){
>> return o[n];
>> }
>> };
>> })();
>>
>> marker.mark(maliciousProxy);
>> -----
>>
>> ...and the name just leaked allowing a malicious proxy to mess with the
>> marking.
>
> Sure, but o here is just a random argument, and you can never make any
> assumptions about what gets passed as an argument (unless you have
> some kind of nominal type or branding mechanism).
In the absence of proxies, David's example is actually safe,
regardless of what object `o' is. And you really need David's example
to work to make private names as useful as they can be -- otherwise,
it's just re-enabling |private| from Java, and not adding anything
more.
--
sam th
sa...@ccs.neu.edu
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
