What's the behavior of nested function?

[hax]

This is the question from @welefen .

function f(x) {
  return function g() {
    'hide source'
    return x
  }
}
f.toString() // is source code of g() still available here?

A:

function f(x) {
  return function g() {
    'hide source'
    return x
  }
}

or B:

function f(x) {
  return function g() { [native code] }
}

I guess it should be A but can't find direct answer about it in the README.

[ljharb]

I would expect it to be A.

[hax]

Yeah I also expect it to be A, but it means even a function is marked as "sensitive" (assume have the same behavior as "hide source" in toString() usage), the source code is still available if you can get the outer function. For example, even I can mark a class method "sensitive", it's easy to find the source from obj.constructor.toString(). And hiding class is clumsy due to #21 . The result may be "just mark the whole file sensitive!" which seems increase the risk of abusing these powerful directives and cause problems in the ecosystem (like collecting error stacks for bug tracking).

[ljharb]

If you expose an object you didn’t mean to, someone can mutate it too - that doesn’t mean everyone just freezes everything just in case they make a bug :-)

[michaelficarra]

The proposal spec text says A, and I would expect A, though this admittedly does seem like a footgun. I will raise the issue during my next presentation.