Object.prototype.* writable?

Kyle Simpson getify at gmail.com
Sat May 7 09:54:34 PDT 2011

> I apologize if the question I'm about to ask has already been "dealt 
> with", but I just ran across a nasty instance of it, and wanted to just 
> ping the topic to see what the language guardians have to say about it.
> It's a well known fact that overwriting anything in Object.prototype (like 
> Object.prototype.toString, for instance) is a very bad idea, because it 
> breaks for-in looping. It also affects every single object, including even 
> natives/built-ins, often in unexpected ways.
> So, a few questions:
> 1. Would it be possible to specify that changes to Object.prototype.* do 
> NOT affect any of the natives/built-ins?
> 2. Would it be possible for Object.prototype.* to be read-only for 
> ES-Harmony (or even just strict mode)?
> 3. By read-only, I mean that changes to it would just silently be 
> discarded. Alternatively (especially for strict mode), warnings/errors 
> could be thrown if attempting to override them?
> I think that being able to override something like 
> Object.prototype.toString to "lie" about objects/values is a "security" 
> hole we should consider plugging. For instance, you can "lie" to 
> `document.location.href.toString()`

To clarify, you have to overwrite `String.prototype.toString` to "lie" in 
this particular scenario. But the point is the same.

> ... or a call like `Object.prototype.toString.call(window.opera) == 
> "[object Opera]"` (a common browser inference for Opera) is easily 
> fake'able.



More information about the es-discuss mailing list