- From: <bugzilla@jessica.w3.org>
- Date: Wed, 05 Nov 2014 02:03:34 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26322 --- Comment #28 from Boris Zbarsky <bzbarsky@mit.edu> --- > I don't understand why we'd Object.freeze if doing a [[usages_exposed]] Actually, I just realized that we (Mozilla) do in fact want to Object.freeze here. We're doing it now and will likely continue to do so for the foreseeable future. The reason is to handle the case of security proxies that are supposed to provide an "unmodified" view of an object. For types defined in Web IDL this is simple: the proxy knows what things are supposed to be on the prototype by default and makes sure to only expose those things on the object. But for ES types like Array, that doesn't really work. The proxy can guarantee that you get the right array object, but not that its contents haven't been messed with by the page. Freezing the array, on the other hand, guarantees the latter property, allowing the proxy to work correctly. That approach obviously won't help with .algorithm, but that's what you get for using dictionaries... (imo not so correctly here; I pretty much agree with http://lists.w3.org/Archives/Public/public-script-coord/2014JanMar/0201.html in terms of whether to use dictionaries or interfaces in API design). -- You are receiving this mail because: You are on the CC list for the bug.
Received on Wednesday, 5 November 2014 02:03:35 UTC