Property / Literal stealing using Object.defineProperty
Allen Wirfs-Brock
allen at wirfs-brock.com
Thu Dec 30 09:15:37 PST 2010
Chrome is non-compliant with the ES5 spec. in this regard.
The specification of object literals in section 11.1.5 uses [[DefineOwnProperty]] to install object literal properties. It is not supposed to trigger any inherited get/set functions.
Try it in FF4 or Safari 5.0.3 or an IE9 preview to see the correct behavior.
Allen
On Dec 30, 2010, at 7:38 AM, Bradley Meck wrote:
> Has any note been taken to the possibility of hijacking secure data
> with Object.defineProperty on literals? For example tested in chrome:
>
> Object.defineProperty(
> Object.prototype,
> "testSetLiteral",
> {
> set:function(value){
> console.log(value);
> }
> }
> );
>>> undefined
> _={"testSetLiteral":123}
>>> 123
>>> {"testSetLiteral":123}
>
> This would lead to interesting issues in using object literals. I
> would presume, you would need to check if a descriptor is set for
> every private data property name, or you would need to use "safe"
> prototypes for things that revolve around private data (branching on
> object properties or storing private information in a closure for
> example).
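Added example, not part of either post: a probe for the behaviour discussed in this thread, using the property name from the quoted snippet. It goes beyond the object-literal case to cover `JSON.parse`, `Object.defineProperty`, plain assignment, and a null-prototype object; the function name `probe` and the result keys are made up for illustration.

```javascript
// Reports which ways of creating a property consult a setter inherited from
// Object.prototype. Per ES5 11.1.5, object literals use [[DefineOwnProperty]]
// and must not call it; ordinary assignment is expected to.
const KEY = "testSetLiteral"; // property name taken from the quoted snippet

function probe() {
  const seen = []; // values the inherited setter observed
  Object.defineProperty(Object.prototype, KEY, {
    configurable: true, // lets the probe be removed again afterwards
    set(value) { seen.push(value); }
  });
  try {
    const results = {};
    const run = (name, make) => {
      const before = seen.length;
      const obj = make();
      results[name] = {
        setterCalled: seen.length > before,
        ownProperty: Object.prototype.hasOwnProperty.call(obj, KEY)
      };
    };
    // Creation paths specified in terms of defining an own property.
    run("literal", () => ({ testSetLiteral: 123 }));
    run("jsonParse", () => JSON.parse('{"testSetLiteral":123}'));
    run("defineProperty", () =>
      Object.defineProperty({}, KEY, { value: 123, enumerable: true }));
    // Plain assignment walks the prototype chain and finds the setter.
    run("assignment", () => { const o = {}; o[KEY] = 123; return o; });
    // A "safe" prototype: nothing is inherited, so assignment stays local.
    run("nullProto", () => {
      const o = Object.create(null);
      o[KEY] = 123;
      return o;
    });
    return results;
  } finally {
    delete Object.prototype[KEY]; // always remove the probe
  }
}

console.log(probe());
```

An engine that reports `setterCalled: true` for `literal` has the non-compliant behaviour described above.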