Object.prototype.* writable?
Kyle Simpson
getify at gmail.com
Sat May 7 09:54:34 PDT 2011
> I apologize if the question I'm about to ask has already been "dealt
> with", but I just ran across a nasty instance of it, and wanted to just
> ping the topic to see what the language guardians have to say about it.
>
> It's a well known fact that overwriting anything in Object.prototype (like
> Object.prototype.toString, for instance) is a very bad idea, because it
> breaks for-in looping. It also affects every single object, including even
> natives/built-ins, often in unexpected ways.
>
> So, a few questions:
>
> 1. Would it be possible to specify that changes to Object.prototype.* do
> NOT affect any of the natives/built-ins?
>
> 2. Would it be possible for Object.prototype.* to be read-only for
> ES-Harmony (or even just strict mode)?
>
> 3. By read-only, I mean that changes to it would just silently be
> discarded. Alternatively (especially for strict mode), warnings/errors
> could be thrown if attempting to override them?
>
> I think that being able to override something like
> Object.prototype.toString to "lie" about objects/values is a "security"
> hole we should consider plugging. For instance, you can "lie" to
> `document.location.href.toString()`
To clarify, you have to overwrite `String.prototype.toString` to "lie" in
this particular scenario. But the point is the same.
> ... or a call like `Object.prototype.toString.call(window.opera) ==
> "[object Opera]"` (a common browser inference for Opera) is easily
> fake'able.
--Kyle
More information about the es-discuss
mailing list