There's a specialization of DefaultHasher for jsid here: https://searchfox.org/mozilla-central/source/js/src/vm/Shape.h#920

It's not available in any public SpiderMonkey headers, so embedders have to implement one themselves. However, the implementation there uses private JSAtom and JS::Symbol APIs in js::HashId in order to avoid a security leak.

According to https://bugzilla.mozilla.org/show_bug.cgi?id=1317936#c7 this was done inline for performance reasons.

Unfortunately that means that embedders must use an insecure jsid hasher since they don't have access to JSAtom::hash() and JS::Symbol::hash().

tcampbell, any thoughts on how this could be made available?