Le 23/01/2013 09:38, Tom Van Cutsem a écrit :
3) because of JS's "invoke = get + apply" semantics, by default a
proxy always leaves the |this| value pointing at the proxy.
Looking only at 3), sometimes this is what you want, and sometimes it
isn't.
In which case would it be what you want?
The example Brandon (and Kevin before him) provided showed something
very intrusive about proxies related to your 3). That proxies mediate
the access to the public method is one thing, that they pretend to be
the object acted on inside the method opens a entire world.
Even with fixes suggested by Allen, the hazard can still exist if
someone does:
Counter.prototype.increment.call(new Proxy(counter, maliciousHandler))
I have no idea how this can be mitigated in general without creating a
mechanism that can be abused to unwrap proxies. For classes
specifically, maybe an option can make that classes keep track of
generated objects and throw if non-instance is passed in a method as
|this| (...which is exactly the kind of things DOM Node tree
manipulation methods will need)
David
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
