An ECMAScript implementation of a Membrane, allowing users to dynamically hide, override, or extend objects in JavaScript with controlled effects on the original objects.
License: ISC License
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
In other words, let's use the Membrane constructor and appropriate object graph handlers to protect private members of the Membrane from public access.
Bonus: dogfooding!
Same as issue 11, but with a blacklist instead of a whitelist.
ObjectGraphHandler.prototype.getWrappable(value) should usually return [false, value] for a primitive, or [true, value] for a non-primitive.
membrane.modifyRules(fieldName, proxy, getWrappable) replaces this method with getWrappable.
Major pieces:
The tests for "allowLocalProperties" specifically allow the act of deleting properties to cross the membrane. Because it's unclear whether hiding is better or worse than actually deleting, I claim it's a separate use case.
The current build system is probably not the best way for writing Node- and browser-friendly JavaScript code, and doesn't factor in import and export statements for ECMAScript 6. The build system therefore should be reviewed by a Node package authoring expert.
Required for #5.
If the "wet" object graph explicitly prevents Foo.prototype.hiddenPropName from being exposed, then it should be possible in the "dry" object graph to do the following:
var x = new DryFoo();
x.hiddenPropName = "notSoHidden";
expect(x.hiddenPropName).toBe("notSoHidden");
var X = getWet(x);
expect(X.hiddenPropName).not.toBe("notSoHidden");The Membrane code also needs an API to specify how this sort of change would be implemented.
I'm just digging into the library now and noticed https://github.com/ajvincent/es7-membrane/blob/master/source/Membrane.js#L343. Is it possible to also wrap non-configurable and non-writable proxies in the object graph? I am interested in keeping a perfect mirror between the wet and dry spaces.
Here is the example I'm working on:
const dryWetMB = new Membrane({});
// 3. Establish "wet" ObjectGraphHandler.
const wetHandler = dryWetMB.getHandlerByField("wet", true);
// 4. Establish "dry" ObjectGraphHandler.
const dryHandler = dryWetMB.getHandlerByField("dry", true);
// 5. Establish "wet" view of an object.
// 6. Get a "dry" view of the same object.
const wrappedWindow = dryWetMB.convertArgumentToProxy(
wetHandler,
dryHandler,
window,
);
}
console.log(wrappedWindow.caches);
Examples:
This allows one proxy to alter the results of another in controlled conditions.
Node, CommonJS and browserify are all nice to have, but this is really supposed to be an ECMAScript-friendly module in all respects. That means import and export statements, hopefully without breaking existing browsers and Node targets...
Required for #5.
Hey @ajvincent, great work on this project, it's fantastic! I would love to use this project in my other work and contribute. Is there any chance you could add a license to the repo?
This will be necessary for the DogfoodMembrane, which will otherwise leak memory through holding onto revoke functions for unnecessarily generated proxies.
This will probably be via use of sandboxes. The goal is to modify the Membrane API so that it can create sandboxes and prepopulate them with appropriately shielded values.
Note that truly hiding an Error's stack cannot begin until the Error enters an object graph handler. If you are in a "dry" object graph and "dry" code calls:
throw new Error("foo");then the stack cannot be hidden at that line of code unless the Error constructor itself was overridden somehow.
This means a "dry" object graph may have properties which the "wet" graph's objects never see.
ProxyMapping.prototype already has flags effectively for "allowLocalProperties" and "mustDeleteLocally". It will soon need flags for .preventExtensions, .setPrototypeOf.
Similarly, we will want methods:
ProxyMapping.prototype.getLocalFlag(fieldName, flagName);
ObjectGraphHandler.prototype.getLocalFlag(proxyMapping, flagName, recursePrototypes);
We could have three object graphs:
Thou shalt not bless thine software with the holy "1.0" version number unless another competent developer can verify thine code is reasonable and does what the project says it should.
Suppose the "dry" graph can only influence the "damp" graph, and the "damp" graph is the route to influencing the "wet" graph.
The current implementation has each graph interacting with the original graphs of each object.
membrane.modifyRules.replaceProxy(p, h);
Object.setPrototypeOf(h, someOtherObject);Required for #5.
ObjectGraphHandler.prototype.fixOwnProperties explicitly defines properties, but this is probably bad. It would be better to cache the list of "known keys" on the ProxyMapping so that we don't require certain properties be defined (particularly since defining properties can sometimes be done only once, per proxy constraints).
If a Membrane object leaks out, there are several ways a bad actor could cause problems:
Membrane.prototype.preventModifications() should be defined to prevent:
The dogfood membrane can prevent some things:
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.