On Tue, Mar 1, 2011 at 8:51 AM, Boris Zbarsky <bzbar...@mit.edu> wrote: > The big worry here is that you have to be _very_ careful to define behavior > properly. It's not an issue for extension APIs, where you can assume that > the caller will do sane (and probably non-malicious) things. But for a web > API like this you would need to define exactly when and how many times the > UA is supposed to get the "clientX" property of the second argument, for > example. That's a minimal requirement; there are probably other ratholes > here that would need worrying about. :( > > Alternately, we could require that all the properties be plain data > properties or something, to avoid some of those pitfalls.
I think the latter sounds like the right way to go. I can't imagine any use-case where you'd need to set anything other than regular old properties on the object (and I say that as someone who uses this pattern a lot in my own code).