> I'm still reluctant to give up on the unknownPrivateSymbol trap, because > doing so means giving up on mediation for one case. > In this case, we were able to capture every single private symbol passed > back and forth, but in another situation, maybe we didn't create A and B. > Someone else created them and just shared with each the same private > symbol and then handed off access to A and B so you can work with them. > You share an object through a membrane, they cooperate to do what you > ask them to (without using their shared secret), then, you'd like to cut > the communication? You revoke the membranes. But sharing a common object > (or a least different proxies to a common target) is all they need to > continue communicate since they have a private symbol you're oblivious > to, so they can still communicate. > In that scenario, the only way to actually cut the communication is the > unknownPrivateSymbol trap (admittedly, the scenario has been crafted to > that end, but is realistic anyway)
Is this scenario unique to private symbols? Can't I replace the word "private symbol" in your scenario above with "WeakMap" (or really just any object) and you have the same problem? If A and B are created by someone else, and both A and B are given a shared WeakMap and then they are passed off to a membrane which tries to cut communication, can't A and B continue to communicate behind the scenes through their shared WeakMap? I think if A and B are known directly to anyone before the membrane, they can build a backdoor to communicate, `unknownPrivateSymbol` trap or not. Nathan _______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss
