Message from JavaScript discussions

June 2017

— Well, my approach is always using symbols:

(in own file, aka wrapped in IIFE):

const priv = new Symbol();

class MyClass {
  constructor () {
    this[priv] = { value: 42 };
  }
  digitSum () {
    return String(this[priv].value)
      .split('').reduce((sum, digit) =>
        sum + digit, 0);
  }
}

Message permanent page

—

So symbols work like this:
if you have a reference to the symbol instance (priv in this case), you can access a prop referenced by that symbol, otherwise, you have no access to this[priv]

— Meaning if I had a reference to priv in another file, I could do myInstance[priv] and have access to the "private" variables

Message permanent page

— But I don't, because of IIFE

— Which MEANS only statics AND instance methods within the class definition itself have access to private vars

Message permanent page

— And NOT external (modified in runtime for example) instance methods:

MyClass.prototype.foo = [rogue function]

Message permanent page

— Which means that the new syntax offers no new attack surface

— There is a buitin for getting all symbols, isn't there?

— WAT

— Yeah, I remember reading about it on MDN

— This does make sense

— Well, symbols is only one method