private-field-symbol-debugger-access.js (1104B)
1 // Make a new global to debug 2 const global = newGlobal({ newCompartment: true }); 3 4 // Create an object in that global with a private field. 5 global.eval("\nclass MyClass {\n #privateProperty1\n }\nobj = new MyClass();"); 6 7 // Debug said global. 8 const debug = Debugger(); 9 const globalDebugObject = debug.addDebuggee(global); 10 11 // Leak the private name symbol backing the private field. 12 var otherGlobalObj = globalDebugObject.getOwnPropertyDescriptor("obj").value 13 var privateSymbol = otherGlobalObj.getOwnPrivateProperties()[0] 14 15 // Create a different proxy. 16 var p = new Proxy({}, {}); 17 18 // Try to look up the leaked private symbol on the new proxy. 19 // This crashes, as it violates the assumption baked into the proxy code 20 // that all accesses are scripted, and thus creation and symbol management 21 // invariants are correctly observed. 22 fail = false; 23 try { 24 p[privateSymbol] = 1; 25 fail = true; 26 } catch (e) { 27 assertEq(e instanceof TypeError, true); 28 } 29 assertEq(fail, false); 30 31 try { 32 p[privateSymbol]; 33 fail = true; 34 } catch (e) { 35 assertEq(e instanceof TypeError, true); 36 } 37 assertEq(fail, false);