Property / Literal stealing using Object.defineProperty

Mark S. Miller erights at google.com
Thu Dec 30 10:27:26 PST 2010


Now recorded at http://code.google.com/p/v8/issues/detail?id=1015
Thanks for reporting!


On Thu, Dec 30, 2010 at 9:15 AM, Allen Wirfs-Brock <allen at wirfs-brock.com> wrote:

> Chrome is non-compliant with the ES5 spec. in this regard.
>
> The specification of object literals in section 11.1.5 uses
> [[DefineOwnProperty]] to install object literal properties.  It is not
> supposed to trigger any inherited get/set functions.
>
> Try it in FF4 or Safari 5.0.3 or an IE9 preview to see the correct behavior.
>
> Allen
>
>
> On Dec 30, 2010, at 7:38 AM, Bradley Meck wrote:
>
> > Has any note been taken to the possibility of hijacking secure data
> > with Object.defineProperty on literals? For example tested in chrome:
> >
> > Object.defineProperty(
> >  Object.prototype,
> >  "testSetLiteral",
> >  {
> >    set:function(value){
> >      console.log(value);
> >    }
> >  }
> > );
> >>> undefined
> > _={"testSetLiteral":123}
> >>> 123
> >>> {"testSetLiteral":123}
> >
> > This would lead to interesting issues in using object literals. I
> > would presume, you would need to check if a descriptor is set for
> > every private data property name, or you would need to use "safe"
> > prototypes for things that revolve around private data (branching on
> > object properties or storing private information in a closure for
> > example).
> > _______________________________________________
> > es-discuss mailing list
> > es-discuss at mozilla.org
> > https://mail.mozilla.org/listinfo/es-discuss
>



-- 
    Cheers,
    --MarkM
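
An added example, not part of the original messages: a conformance check for the behavior described in the quoted reply (object literals install properties with [[DefineOwnProperty]] and must not call an inherited setter, while plain assignment does), together with the descriptor check suggested in the original report. The function names are hypothetical, and the probe setter is removed from Object.prototype when the check finishes.

```javascript
// Added example: function names are illustrative, not from the thread.
const NAME = "testSetLiteral"; // property name used in the original report

// Audit helper: return the object on the prototype chain of `obj` that supplies
// an accessor (get/set) for `name`, or null if the name resolves to a data
// property or is absent.
function findInheritedAccessor(obj, name) {
  for (let p = obj; p !== null; p = Object.getPrototypeOf(p)) {
    const d = Object.getOwnPropertyDescriptor(p, name);
    if (d) return (d.get || d.set) ? p : null;
  }
  return null;
}

function checkLiteralSemantics() {
  const seen = []; // values observed by the inherited setter
  Object.defineProperty(Object.prototype, NAME, {
    set(value) { seen.push(value); },
    configurable: true // lets the probe be removed in `finally`
  });
  try {
    const auditFoundAccessor = findInheritedAccessor({}, NAME) === Object.prototype;

    // Object literal: [[DefineOwnProperty]], must not call the inherited setter.
    const literal = { "testSetLiteral": 123 };
    const literalTriggeredSetter = seen.length > 0;
    const literalOwn = Object.getOwnPropertyDescriptor(literal, NAME);

    // Plain assignment: [[Put]] finds the inherited setter and calls it.
    const assigned = {};
    assigned[NAME] = 456;

    return {
      auditFoundAccessor,
      literalTriggeredSetter,
      literalOwnValue: literalOwn ? literalOwn.value : undefined,
      assignmentTriggeredSetter: seen.indexOf(456) !== -1,
      assignmentCreatedOwnProperty: Object.prototype.hasOwnProperty.call(assigned, NAME),
      seen
    };
  } finally {
    delete Object.prototype[NAME]; // restore the shared prototype
  }
}

console.log(checkLiteralSemantics());
```

On an engine that follows section 11.1.5, `literalTriggeredSetter` is false and the literal holds its own data property; an engine with the behavior reported above would report true.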