admin管理员组文章数量:1279181
I’m trying to use a JavaScript Proxy to hide a property from detection while keeping it in the target object. The has trap successfully makes 'secret' in proxy return false, but the property is still accessible directly.
Code Example:
const target = { secret: 123, public: 456 };
const proxy = new Proxy(target, {
has(t, prop) {
if (prop === 'secret') return false; // Hide from `in` checks
return prop in t;
}
});
console.log('secret' in proxy);
console.log(proxy.secret);
Questions:
- Why does the
inoperator not block direct access to the property? - How can I fully hide a property in a Proxy so it’s undetectable and inaccessible?
- Are there specific traps (e.g.,
get,ownKeys) that must be implemented together for consistency?
Observed Behavior:
'secret' in proxycorrectly returnsfalse.proxy.secretstill returns the value123.
Expected Behavior:
If the in operator returns false for 'secret', accessing proxy.secret should throw an error or return undefined.
Attempts to Fix:
- Tried using only the
hastrap. - Researched other traps like
getandownKeysbut unsure how to coordinate them.
I’m trying to use a JavaScript Proxy to hide a property from detection while keeping it in the target object. The has trap successfully makes 'secret' in proxy return false, but the property is still accessible directly.
Code Example:
const target = { secret: 123, public: 456 };
const proxy = new Proxy(target, {
has(t, prop) {
if (prop === 'secret') return false; // Hide from `in` checks
return prop in t;
}
});
console.log('secret' in proxy);
console.log(proxy.secret);
Questions:
- Why does the
inoperator not block direct access to the property? - How can I fully hide a property in a Proxy so it’s undetectable and inaccessible?
- Are there specific traps (e.g.,
get,ownKeys) that must be implemented together for consistency?
Observed Behavior:
'secret' in proxycorrectly returnsfalse.proxy.secretstill returns the value123.
Expected Behavior:
If the in operator returns false for 'secret', accessing proxy.secret should throw an error or return undefined.
Attempts to Fix:
- Tried using only the
hastrap. - Researched other traps like
getandownKeysbut unsure how to coordinate them.
1 Answer
Reset to default 4Yes, you need to coordinate the all related traps, you could make a generic function to hide object keys.
Note that in looks in the prototype chain so for handling class instances with inheritance there could be more complex logic required.
const hideKeys = (target, keys) => {
keys = new Set(keys);
return new Proxy(target, {
get(t, prop){
if(keys.has(prop)) return;
return Reflect.get(...arguments)
},
has(t, prop) {
if (keys.has(prop)) return false; // Hide from `in` checks
return Reflect.has(...arguments);
},
ownKeys(){
return Reflect.ownKeys(...arguments).filter(key => !keys.has(key));
},
getOwnPropertyDescriptor(t, prop){
if(keys.has(prop)) return;
return Reflect.getOwnPropertyDescriptor(...arguments);
}
});
}
const target = { secret: 123, public: 456 };
const proxy = hideKeys(target, ['secret']);
console.log('secret' in proxy);
console.log(Object.hasOwn(proxy, 'secret'));
for(const k in proxy){
console.log(k);
}
console.log(proxy.propertyIsEnumerable('secret'));
console.log(proxy.secret);
console.log(JSON.stringify(proxy));本文标签:
版权声明:本文标题:Why does the in operator return false for a Proxy property, but the property is still accessible in JavaScript? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1741299498a2371009.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
inoperator not block direct access to the property?" - because property access does not use theinoperator. Yes, you need to implementget, and have all the traps coordinate. – Bergi Commented Feb 24 at 0:02