Why we need to clean up __proto__

gaz Heyes gazheyes at gmail.com
Wed Dec 28 11:58:50 PST 2011


I'd also like to add that __proto__ allows valid JSON to change its object
type and allow functions within properties. There isn't a compelling
exploit scenario for this yet but who knows what is possible if setters
come into the equation.

alert(({"__proto__":[]}).sort)
alert(({"__proto__":function::['parent']}).location)
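The two alert() lines above rely on the object-literal form, where a "__proto__" key is a prototype setter. The following is an added example written for this archive page, not code from the original post or from any ECMAScript proposal. It contrasts that literal behaviour with JSON.parse (which, per ES2015 and later, creates an ordinary own property), shows how a recursive "deep merge" of the parsed object brings the setter back into play, and gives two defensive forms: a reviver that drops the key at parse time and a merge that only copies own keys. The deep-merge function and the JSON inputs are constructed for illustration; it assumes an ES2015+ engine such as Node.

```javascript
// Added example (editor's code, not from the original post). It contrasts the
// ways a "__proto__" key can reach an object and shows a parse-time filter and
// a merge routine that keep the key from becoming anything but inert data.

// Object literal: "__proto__" is the prototype setter, so plain "JSON-looking"
// source text yields an Array-backed object, as in the alert() in the post.
function literalProtoBecomesArray() {
  const o = { "__proto__": [] };
  return Array.isArray(Object.getPrototypeOf(o)) && typeof o.sort === "function";
}

// JSON.parse: since ES2015 the key is created with CreateDataProperty, so it is
// an ordinary own property and the prototype stays Object.prototype.
function parsedProtoIsOwnData(text) {
  const o = JSON.parse(text);
  return Object.prototype.hasOwnProperty.call(o, "__proto__") &&
         Object.getPrototypeOf(o) === Object.prototype;
}

// The setter comes back when that parsed object is copied with bracket
// assignment: target["__proto__"] = x runs Object.prototype.__proto__'s setter.
// This recursive merge shape is constructed here to show the problem.
function naiveDeepMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      target[key] = naiveDeepMerge(target[key] || {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Demonstrate the leak against a private prototype so running this file never
// touches the global Object.prototype.
function naiveMergeWritesToPrototype() {
  const shared = {};                       // stands in for a shared prototype
  const target = Object.create(shared);
  const untrusted = JSON.parse('{"__proto__": {"isAdmin": true}}'); // constructed input
  naiveDeepMerge(target, untrusted);
  // "isAdmin" landed on the prototype, so every object sharing it now sees it.
  return shared.isAdmin === true && Object.create(shared).isAdmin === true;
}

// Mitigation 1: reject the key at parse time with a reviver. Returning
// undefined from the reviver deletes the property from its holder.
function parseWithoutProto(text) {
  return JSON.parse(text, (key, value) => (key === "__proto__" ? undefined : value));
}

// Mitigation 2: copy only own keys, skip "__proto__", and create nested
// containers with a null prototype so there is no inherited setter to hit.
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (key === "__proto__") continue;
    const value = source[key];
    if (value !== null && typeof value === "object") {
      const existing = Object.prototype.hasOwnProperty.call(target, key)
        ? target[key]
        : Object.create(null);
      target[key] = safeDeepMerge(existing, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function safeMergeKeepsPrototypeClean() {
  const shared = {};
  const target = Object.create(shared);
  const untrusted = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "x"}'); // constructed
  safeDeepMerge(target, untrusted);
  return shared.isAdmin === undefined && target.name === "x";
}
```

Run it with `node` after appending calls to the four check functions; each returns true. The reviver is the cheapest fix when you control the parse site; the own-keys merge is the one to reach for when parsed data flows into a utility you did not write.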

