On Sat, Apr 25, 2015 at 5:03 PM, Domenic Denicola <d...@domenic.me> wrote:
> There needs to be an unforgable brand property such that only objects > created with `new XPromise()` pass `XPromise.resolve`. It is not a use case > to allow building an object ES5 style in pieces to pass the brand check. > Such objects should be coerced to real promises. But can you give me an actual use case, please? The ostensible security property is pretty moot given `Object.setPrototypeOf`. In this case, the promises *are* "real promises". They were created with `new Promise`. But then the prototype was changed. So in effect I've forged the brand -- they are not actually `Promise` any more, they are something else. And I can forge this arbitrarily using Reflect.construct, which lets me set `new.target` (and thus [[PromiseConstructor]]`) to absolutely anything I want. If the brand property is not actually unforgeable, what use is it? It seems like some broken piece of an idea that doesn't actually work. But maybe it does work and serve a purpose -- that's why I'm asking: can we point to someone who is actually using this functionality for a specific purpose? And is it working for them? --scott
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss
