Message from JavaScript discussions

June 2017

— Well, my approach is always using symbols:

(in own file, aka wrapped in IIFE):

const priv = new Symbol();

class MyClass {
constructor () {
this[priv] = { value: 42 };
}
digitSum () {
return String(this[priv].value)
.split('').reduce((sum, digit) =>
sum + digit, 0);
}
}

Message permanent page

— 

So symbols work like this:
if you have a reference to the symbol instance (priv in this case), you can access a prop referenced by that symbol, otherwise, you have no access to this[priv]

— Meaning if I had a reference to priv in another file, I could do myInstance[priv] and have access to the "private" variables

Message permanent page

— But I don't, because of IIFE

— Which MEANS only statics AND instance methods within the class definition itself have access to private vars

Message permanent page

— And NOT external (modified in runtime for example) instance methods:

MyClass.prototype.foo = [rogue function]

Message permanent page

— Which means that the new syntax offers no new attack surface

— There is a buitin for getting all symbols, isn't there?

— WAT

— Yeah, I remember reading about it on MDN

— This does make sense

— Well, symbols is only one method