Lecture series on SES and capability-based security by Mark Miller

Mark S. Miller erights at google.com
Tue Nov 8 15:46:38 PST 2011


On Tue, Nov 8, 2011 at 3:33 PM, David Herman <dherman at mozilla.com> wrote:

> Perhaps __proto__ should not be writeable in "use strict"?
>>
>
> That's a great idea! This never occurred to me, and I have not heard
> anyone suggest this. Thanks!
>
>
> Doesn't work.
>
>     obj[(function(__){return __ + "proto" + __})("__")]
>

If the "[" above is a strict "[", it should not be able to address
"__proto__", regardless of whether the  "__proto__" is computed or not. Or
if we intend only to suppress writing, then

     obj[(function(__){return __ + "proto" + __})("__")] = {}

should still fail if the "[" above is in strict code.



>
> Dave
>
>


-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111108/9a66660d/attachment.html>


More information about the es-discuss mailing list