> I want to stress this again: proxies, for all operations they can
> intercept, can always decide to go into an infinite loop or throw.
> If they do throw, they can't "hide" their attack from your code. In that
> sense they don't violate the code's integrity. The "invariant enforcement"
> mechanism is based on the same assumptions: if the proxy detects that the
> handler behaves badly, throw to signal the problem.
>
> The alternative to throwing would be for proxies to absorb any exceptions
> thrown by traps, but that would be worse (silent failures).
>
Sure.
Quoting you from the other thread:
> Indeed. But in Javascript, methods shouldn't (in general) make any
> assumptions about their |this| values.
>
OK - but we can't have it both ways. We can't allow |this| to give us
access to "private" data (regardless of the implementation) *and also*
allow that |this| may be an untrusted proxy. If |this| grants access to
private data, then it must be trustable. Anything else is inherently risky.
{ Kevin }
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
