Practically speaking, given dynamic-this-binding by default in JS, it's too easy to access a foreign object with an important name (private symbol in the hypothesis). It will happen. You will leak it. It can then be used to attack you.

/be

Domenic Denicola wrote:
From: Brandon Benvie [[email protected]]

That would leak the Symbol to the Proxy and then private Symbols wouldn't carry 
a guarantee of security. That's the only difference between private Symbols and 
unique Symbols.

Right, I thought about that, but I am still not quite clear on what the attack 
is here. From an ocap sense, it feels like you're handing off the private 
symbol to the proxy, which is just like exporting it from your module or 
passing it to a function. Why should the proxy not have access to something 
that you gave it?

The attacks I normally consider public symbols vulnerable to are of the form:

```js
module "foo" {
   const public = Symbol();

   export default {
     [public]: 10
   };
}

module "bar" {
   import foo from "foo";
   // Nobody gave me access to the `public` symbol, but I can still do:
   const public = Object.getOwnPropertyKeys(foo)[0];
   // Now I can modify the exported object:
   foo[public] = 20;
}
```

What would the similar attack code look like for a proxy?
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
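
The leak described in the message above, as an added example that is not part of the original thread. Symbols as shipped in JavaScript behave like the thread's unique symbols, so a Proxy `get` trap receives the key when a method runs with a foreign `this`; a `#private` field is shown beside it for contrast. `Account`, `SafeAccount`, `makeSpy` and the function names are hypothetical.

```javascript
// Added illustration; all names here are hypothetical.
const secret = Symbol("balance"); // module-local, never exported

class Account {
  constructor() { this[secret] = 10; }
  // Dynamic `this`: runs against whatever receiver the caller supplies.
  balance() { return this[secret]; }
}

// A foreign object whose get trap records every property key used on it.
function makeSpy() {
  const seen = [];
  const proxy = new Proxy({}, {
    get(target, key, receiver) {
      seen.push(key);
      return Reflect.get(target, key, receiver);
    },
  });
  return { proxy, seen };
}

function leakViaThis(account) {
  const { proxy, seen } = makeSpy();
  Account.prototype.balance.call(proxy); // method body runs with foreign `this`
  const leaked = seen.find((k) => typeof k === "symbol");
  account[leaked] = 20; // the captured key now works on the real object
  return { leaked, value: account.balance() };
}

// Contrast: a #private field is not a property key, so no trap ever sees it.
class SafeAccount {
  #balance = 10;
  balance() { return this.#balance; }
}

function safeAgainstProxy() {
  const { proxy, seen } = makeSpy();
  try {
    SafeAccount.prototype.balance.call(proxy);
  } catch (e) {
    // Brand check fails on the proxy before any trap is invoked.
    return { threw: e instanceof TypeError, seen: seen.length };
  }
  return { threw: false, seen: seen.length };
}
```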
