Open
Description
Right now, we implement wrapping/unwrapping of IDL objects through a symbol:
Lines 61 to 77 in ab63e7e
However, this is not only allows client scripts to escape the jsdom environment, it also fools brand checks if prototypes are used:
const url = new URL("...");
const notURL = Object.create(url);
console.log(notURL.href); // should throw TypeError but doesn't
On the other hand, private class properties are immune to this, due to their so-called WeakMap semantics. We could very well use the so-called "super-return trick" to implement IDL objects:
class Returner {
constructor(obj) {
return obj;
}
}
class Brander extends Returner {
#wrapped;
static getWrapped(obj) {
return obj.#wrapped;
}
static setWrapped(obj, wrapped) {
new Brander(obj);
obj.#wrapped = wrapped;
return obj
}
}
const urlImpl = new URLImpl(…);
const url = Object.create(URL.prototype);
Brander.setWrapped(url, urlImpl);
const roundtrippedImpl = Brander.getWrapped(url);
console.assert(urlImpl === roundtrippedImpl);
Private properties are supported since Node.js v12.x. They are supposed to be faster than WeakMap, but we should still do some performance investigations. (I expect it to be slower than symbol properties still.)
Metadata
Metadata
Assignees
Labels
No labels