proposal-function-implementation-hiding icon indicating copy to clipboard operation
proposal-function-implementation-hiding copied to clipboard

Published 20 hours ago verified publisher icon tc39

What's the behavior of nested function?

Open hax opened this issue 5 years ago • 4 comments

This is the question from @welefen .

function f(x) {
  return function g() {
    'hide source'
    return x
  }
}
f.toString() // is source code of g() still available here?

A:

function f(x) {
  return function g() {
    'hide source'
    return x
  }
}

or B:

function f(x) {
  return function g() { [native code] }
}

I guess it should be A but can't find direct answer about it in the README.

hax avatar Dec 03 '19 00:12 hax

I would expect it to be A.

ljharb avatar Dec 03 '19 00:12 ljharb

Yeah I also expect it to be A, but it means even a function is marked as "sensitive" (assume have the same behavior as "hide source" in toString() usage), the source code is still available if you can get the outer function. For example, even I can mark a class method "sensitive", it's easy to find the source from obj.constructor.toString(). And hiding class is clumsy due to #21 . The result may be "just mark the whole file sensitive!" which seems increase the risk of abusing these powerful directives and cause problems in the ecosystem (like collecting error stacks for bug tracking).

hax avatar Dec 03 '19 01:12 hax

If you expose an object you didn’t mean to, someone can mutate it too - that doesn’t mean everyone just freezes everything just in case they make a bug :-)

ljharb avatar Dec 03 '19 01:12 ljharb

The proposal spec text says A, and I would expect A, though this admittedly does seem like a footgun. I will raise the issue during my next presentation.

michaelficarra avatar Dec 03 '19 03:12 michaelficarra