Subj : Re: Class protection from multiple script execution using the same To : Matthew Mondor From : Brendan Eich Date : Fri Jul 23 2004 11:05 pm Matthew Mondor wrote: > On Thu, 22 Jul 2004 11:21:20 -0400 > Brendan Eich wrote: > > >>In brief: >> >>- JSClass.addProperty will be called when a property is created in an >>object. That includes the case where you predefine a property on a >>class prototype, but override the property by setting it in an instance >>that delegates to that prototype. If you don't want that "shadowing" >>property to be created, you might use JSPROP_SHARED. > > > I do not fully understand this part... Or at least how it would prevent > from adding the properties from user js code if JSPROP_SHARED is added as > part of the flags of a property... If you define a property on a class prototype with the JSPROP_SHARED attribute, then no shadowing copy will be created on a directly referenced instance that delegates to the prototype. If you predefine a proto-property without JSPROP_SHARED, on the other hand, then any delegating instance on which you set the object will have its class addProperty called when the shadowing property is created in that instance. So if you thought that the property was already added (to the prototype), and therefore is not being added to the delegating instance, then you were misconceiving what addProperty does. > Yes addProperty() is called so I attempted to supply alternatives but > without success to prevent the user js code from adding properties, > without preventing the C code from doing so at API class setup... You have to be very careful in *when* you cause addProperty to fail. But sealing is better, which is why we support it (as does Rhino). /be .