Le 20/01/2013 20:11, Mark S. Miller a écrit :
Before commenting on the general question, I'm confused about
something in your code. How did a proxy get bound to "this" in your
example?
I would guess:
var p = new Proxy(purseInstance, handler);
Purse.prototype.deposit.call(p)
On Sun, Jan 20, 2013 at 10:49 AM, Kevin Smith <khs4...@gmail.com> wrote:
A proxy for a Purse instance could throw on access to "somethingInocuous",
leaving the high-integrity object in an inconsistent state. It would seem
that a high-integrity object would need to assume that any access to a
public property might throw, in case the object is being proxied.
Am I thinking about this correctly?
I think so. One way around that is that public methods only deal with
private methods/properties (which may require aliasing public things to
private equivalent?)
In case you run the untrusted code, you can provide a slightly less
powerful Proxy constructor to prevent the untrusted code from doing
this. Or a provide a slightly modified version of class methods which
unwrap proxies or throw when seeing proxies.
David
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
