JS Class fields potentially harmful

WebReflection · February 15, 2023, 12:17pm

last about leaks:

class A {
  constructor() {
    return new String("");
  }
}

class B extends A {
  #secret = Math.random();
}

new B;

check the console and expand the String reference:
Screenshot from 2023-02-15 13-05-29

secrets are not accessible but somehow inspectable and I doubt any developer would expect this to happen.

considering that "private fields can't be deleted" neither, this hack could cause issues, imho.

if fields were attached before the super() executes, this leak wouldn't be possible.

Topic		Replies	Views
How is it possible to have a _subset_ of the private fields of a class? Spec Reading	2	365	February 20, 2022
Proposal: access to constructor parameters in field initializers 💡 Ideas proposal	16	313	December 20, 2023
Now is the best moment to implement protected fields in classes 💡 Ideas proposal	6	328	February 1, 2023
private vs static private I have questions	104	1041	December 24, 2023
Why can't `#private` fields return undefined before initialization? 💡 Ideas	9	449	August 24, 2022