Standardizing __proto__

Kyle Simpson getify at gmail.com
Fri Mar 18 20:35:34 PDT 2011


There's LOTS of sites out there that still (unfortunately) do unsafe 
overwriting/overloading of the native's prototypes. For instance, just a few 
months ago, I ran across a site that was creating a Array.prototype.push() 
implementation that was incompatible with the standard implementation. When 
I injected jQuery onto that page, jQuery failed to work because Sizzle 
relies on being able to call push() with multiple parameters (something the 
page's .push() didn't handle). And there are many, many other examples, like 
adding String.prototype.trim(), etc.

The point? If everyone were in the habit of using sandboxable natives, like 
FuseBox provides, then that page could override it's version of Array all it 
wanted (even the native one), and my code, using Fuse.Array, would be 
perfectly safe.

Sandboxing a native-like object is just as much about preventing my changes 
from affecting others as it is about protecting myself from what others do.

Now, *can* I achieve the same thing without sandboxed natives? Of course. I 
can make fake data structure wrappers for every data type I care about. But 
I lose a lot of the semantics, operators, syntax-sugar of the actual 
natives. For instance, it's REALLY nice that a sandbox'd Array still lets me 
use the [] operator to access indices, etc. Is it perfect? No. But it's a 
LOT better than just choosing some custom namespace for my app and creating 
all new data structure wrappers. And in many cases, it's more 
efficient/performant, too.

To reiterate what John said earlier: The spirit of what FuseBox does doesn't 
require the mutability of the __proto__, but since at the moment there is no 
way to set the [[Prototype]]/[[Class]] of an object at creation time, 
__proto__ is the only option in some browsers (where iframe is buggy). If we 
can agree on something that allows such behavior at creation of an object, 
*including* Function objects (because I personally use a variation of 
FuseBox techniques to sandbox my functions), then __proto__ becomes 
unnecessary.

--Kyle

 



More information about the es-discuss mailing list