> I want to stress this again: proxies, for all operations they can > intercept, can always decide to go into an infinite loop or throw. > If they do throw, they can't "hide" their attack from your code. In that > sense they don't violate the code's integrity. The "invariant enforcement" > mechanism is based on the same assumptions: if the proxy detects that the > handler behaves badly, throw to signal the problem. > > The alternative to throwing would be for proxies to absorb any exceptions > thrown by traps, but that would be worse (silent failures). >
Sure. Quoting you from the other thread: > Indeed. But in Javascript, methods shouldn't (in general) make any > assumptions about their |this| values. > OK - but we can't have it both ways. We can't allow |this| to give us access to "private" data (regardless of the implementation) *and also* allow that |this| may be an untrusted proxy. If |this| grants access to private data, then it must be trustable. Anything else is inherently risky. { Kevin }
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss