> > >2. They would not invoke any traps on proxies. > >3. They would not tunnel through proxies to proxy targets. > >4. Getting a private-symbol-keyed property would not traverse the > prototype chain of the object (perhaps arguable). > Unnecessary, as long as symbol doesn't leak to external environment, I > don't think we need to impose these constraints. Without these constraints > I did not see any problems there. >
You simply cannot allow 2 and 3 and still call them private symbols. If you allow 2, then an attacker can discover private symbols by creating a proxy for an object which uses them in one of its methods. If you allow 3, then private symbols are an unmediated communication channel across membranes.
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
