The issue you may be missing (sorry if I'm mis-reading your post) is:
hostile proxy passed into module that detects private-named properties
on incoming objects. If the proxy has a handler that traps get, e.g.,
the private name will leak and the hostile party can now use it to
decorate a trojan.
So it seems to me the issue with direct proxies of whether the handler
has a relevant trap for a given access matters.
/be
Brandon Benvie wrote:
Proxies seem to be able to support this well given a little bit of
extra specification. A proxy attempts to forward the apply/construct
action naively to its target. The result is it either succeeds or
doesn't, and the same invariant checks would apply (private names have
the same rules for configurability right?).
The only difference is that a proxy won't know the result before
actually attempting to follow through, which means that private
non-configurable properties are a kind of booby trap if you *don't*
always forward everything.
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
