On Sat, Dec 20, 2014 at 10:41 PM, Gary Guo <nbdd0...@hotmail.com> wrote:
> Oops, mistakes found. I just ignored the fact that in this particular way the 
> Symbol can be retrieved. It seems impossible to have an idea of private 
> symbol in this way. In the case, I think the language can provide a way to 
> distinguish whether an object is created directly by a class/constructor. It 
> seems that there will be no way to prevent that unless the language ensures 
> this.
>
> For example, add a well-known Symbol @@constructor, and when constructing an 
> object, make sure every object has a property @@constructor that has the 
> descriptor {enumerable:false, configurable:false, writable: false, value: 
> *The constructor that actually creates the object*}

Hostile code can just grab that well-known symbol and brand their own
objects with it, indistinguishably from the language.

There are ways around this, too - create your own Symbol, keep it
closure-private to the class, so it doesn't escape the class's
methods.  Have the constructor take an extra argument that must be
equal to this symbol; if it's not, the constructor instead calls
itself, passing all of its arguments through and adding the special
identity Symbol, and just returns that.  That way you know that your
"this" object is definitely a fresh language-created one, and you're
definitely being called as a constructor, not as a function invoked on
some arbitrary object.

~TJ
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
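
The closure-private token pattern described in the reply above, as an added JavaScript example that is not part of the original message. The class name `Account`, its fields and the `demo` helper are hypothetical.

```javascript
// Hypothetical class; only the token pattern comes from the message above.
const Account = (() => {
  // Closure-private token: never exported and never used as a property key,
  // so Object.getOwnPropertySymbols() on an instance cannot reveal it.
  const FRESH = Symbol('fresh');

  function Account(...args) {
    if (args[args.length - 1] !== FRESH) {
      // Called without the token (plain call, .call/.apply on a foreign
      // object, or an ordinary `new`): ignore `this`, re-enter through
      // `new` with the token appended, and return that instance.
      return new Account(...args, FRESH);
    }
    // Only the branch above can supply FRESH, and it always uses `new`,
    // so `this` here is an object the language has just allocated.
    const [owner, balance] = args;
    Object.defineProperty(this, 'owner', { value: owner, enumerable: true });
    Object.defineProperty(this, 'balance', { value: balance, enumerable: true });
  }
  return Account;
})();

// Constructed demonstration: try to make the constructor initialise a
// caller-supplied object, once directly and once with a look-alike symbol.
function demo() {
  const forged = {};
  const viaCall = Account.call(forged, 'mallory', 5);
  const viaLookalike = Account.call(forged, 'mallory', 5, Symbol('fresh'));
  const normal = new Account('alice', 10);
  return { forged, viaCall, viaLookalike, normal };
}
```

In every case the initialising branch runs on a newly allocated instance, and the caller-supplied `forged` object is left untouched.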
