New forbidden rule: No leaking Proxy

In Firefox, it is possible to detect if an object is a proxy. I think this is not what we want (maybe cc @markm ?)

I think we should forbid engines to leak if an object is a proxy or not in any manner (e.g. Error message)

V8 also leaks this kind of information via the error stack

It’s always possible to detect if a proxy around “a builtin with internal slots” is a proxy. Proxy isn’t meant to be used by itself, it’s meant to be used as part of a membranes implementation.

Internal slots (like private fields, and identity) don’t tunnel through proxies, and that is very much by design.

Thanks for forwarding my screenshot here. Just created an account to track the post.

In addition to String, .prototype.valueOf method of other native objects (such as Number and Date) works as well.

What I want is: the engine just reports "incompatible receiver" without revealing their brand.

The exception reveals the brand, because the user knows which prototype method they .called on it. The contents of the message are both never specified by ECMAScript, and are also not relevant to the information being exposed.