Lecture series on SES and capability-based security by Mark Miller

Mark S. Miller erights at google.com
Tue Nov 8 15:50:16 PST 2011


On Tue, Nov 8, 2011 at 3:46 PM, Mark S. Miller <erights at google.com> wrote:

>
>
> On Tue, Nov 8, 2011 at 3:33 PM, David Herman <dherman at mozilla.com> wrote:
>
>> Perhaps __proto__ should not be writeable in "use strict"?
>>>
>>
>> That's a great idea! This never occurred to me, and I have not heard
>> anyone suggest this. Thanks!
>>
>>
>> Doesn't work.
>>
>>     obj[(function(__){return __ + "proto" + __})("__")]
>>
>
> If the "[" above is a strict "[", it should not be able to address
> "__proto__", regardless of whether the  "__proto__" is computed or not.
> Or if we intend only to suppress writing, then
>
>      obj[(function(__){return __ + "proto" + __})("__")] = {}
>
> should still fail if the "[" above is in strict code.
>

Sorry, it should not fail. It should simply create a normal property that
happens to be named "__proto__". Likewise, your first example should simply
address such a normal property. Then JSON would again be an almost-subset
of ES5/strict, modulo \u2028 and \u2029.



>
>
>
>>
>> Dave
>>
>>
>
>
> --
>     Cheers,
>     --MarkM
>



-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20111108/f569596b/attachment.html>


More information about the es-discuss mailing list