Property / Literal stealing using Object.defineProperty

Bradley Meck bradley.meck at
Thu Dec 30 07:38:17 PST 2010

Has any note been taken to the possibility of hijacking secure data
with Object.defineProperty on literals? For example tested in chrome:

>> undefined
>> 123
>> {"testSetLiteral":123}

This would lead to interesting issues in using object literals. I
would presume, you would need to check if a descriptor is set for
every private data property name, or you would need to use "safe"
prototypes for things that revolve around private data (branching on
object properties or storing private information in a closure for

More information about the es-discuss mailing list