Allen Wirfs-Brock wrote:
It seems that understanding the difference between defining a property and 
assigning to a property is a distinction that JS developers need to learn. 
Particularly, as object definition patterns migrate away from definition via 
assignment to more declarative forms (class definitions, object literals, class 
extension literals, etc.)

Yet teachers do subset and can teach a subset that ignores definition and exposes only assignment.

I think based on explicit use of "teaching" and "new developers" verbiage that this is what we're hearing. If so, such a concern cannot constrain the entire non-subsetted language, any more than subsetting English means we all speak toddler-talk.

The refactoring concern is plausible in my view:

version 1:
  // my code is not too large and I make my own object with secrets in it.
  var obj = {pub: lic, sec: ret};

version 2:
  // evolved to split the construction in two:
  function makeBase(lic) {
    // do some logging or pre-processing/validation/normalization of lic here.
    return {pub: lic};
  }
  var obj = makeBase(lic).{sec: ret};

version 3:
  // my code has grown, makeBase is popular, also virtualized, so discovered.
  var makeBase = appServices.findService("Base");
  var obj = makeBase(lic).{sec: ret};

Now, because Murphy was an optimist, a bad actor can inject a different makeBase that defines a setter to steal 'sec''s value, ret.

Contrived? I think not. We have a combination here of a known exploit (JSON theft), a new operator that (under this example's hypothesis) does what Tab wants, and assigns not defines, and codebase growth + generalization into reusable and discoverable parts that we've all seen.

Would using = instead of : really help, though? I could see the same exploit arising no matter what single character was used.

Would requiring Object.definePropert{y,ies} help? I think not, it simply won't occur to most developers who follow this arc to use that in time to be safe. And if hacked, they'll be outraged that so verbose an API-set must be used.

The only usable+secure extensions I see are two, so we don't confuse users with almost-identical syntax with quite different (when it matters most, when under attack) semantics:

A. obj.{prop: val, ...} as safe mustache, with : for define not assign.

B. obj.[prop = val; ...] with meta... of course, for fluent-style chained assignments of obj's props.

I use [ not { for the chained case so the bracketing as well as ;-separation (final ; is optional) and = not : distinguish B from A for readers looking at any punctuation.

/be
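
Added example, not part of the original message: the version 3 scenario in standard JavaScript, with plain assignment and Object.defineProperty standing in for the two candidate semantics of the proposed .{ } operator. makeHostileBase, extendByAssign, extendByDefine, run and the sample values are hypothetical names constructed for this illustration.

```javascript
// Constructed demonstration: assignment ([[Set]]) vs definition ([[DefineOwnProperty]]).

// Hypothetical hostile replacement for makeBase: the object it returns inherits
// an accessor named 'sec' whose setter records whatever is assigned to it.
function makeHostileBase(leaked) {
  const proto = {
    set sec(value) { leaked.push(value); },
    get sec() { return undefined; }
  };
  return function makeBase(lic) {
    const base = Object.create(proto);
    base.pub = lic;
    return base;
  };
}

// Extension by assignment: runs any setter found on the object or its prototype chain.
function extendByAssign(base, secret) {
  base.sec = secret;
  return base;
}

// Extension by definition: creates an own data property and never calls a setter.
function extendByDefine(base, secret) {
  Object.defineProperty(base, 'sec', {
    value: secret, writable: true, enumerable: true, configurable: true
  });
  return base;
}

// Build an object from the hostile factory, extend it, and report what leaked.
function run(extend) {
  const leaked = [];
  const makeBase = makeHostileBase(leaked);
  const obj = extend(makeBase('lic-value'), 'ret-value'); // constructed sample values
  return { leaked, ownSec: Object.getOwnPropertyDescriptor(obj, 'sec') };
}

const assigned = run(extendByAssign);
const defined = run(extendByDefine);
console.log('assign leaked:', assigned.leaked, 'own sec:', assigned.ownSec);
console.log('define leaked:', defined.leaked, 'own sec value:', defined.ownSec.value);
```

Definition only bypasses setters: if the untrusted factory returns an object with a non-configurable own 'sec', Object.defineProperty throws, and a Proxy's defineProperty trap still receives the descriptor.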
