Experimental implementation of Object.observe & JS Utility library now available

Andrea Giammarchi andrea.giammarchi at gmail.com
Fri Aug 17 02:57:41 PDT 2012

the Notifier is lazily instantiated and I believe not enumerable so
JSON.stringify should ever expose this property.

Moreover, it does not look like there is a {}.__notifier__ property
anywhere, Object.getNotifier(obj) is required indeed so a WeakMap that
relates the obj, and its notifier, cannot be serialized in a meaningful way
via JSON.stringify neither.

As summary, and correct me if I am wrong, Object.observe is safe, also
because observers are callbacks and these, again, cannot be represented in
a meaningful way in JSON.


On Fri, Aug 17, 2012 at 10:50 AM, gaz Heyes <gazheyes at gmail.com> wrote:

> Hi Rafael
> Would this proposal work on the Object prototype? If so then it could be
> used for JSON hijacking. I'd recommend it didn't.
> Cheers
> Gareth
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120817/5e9b1534/attachment.html>

More information about the es-discuss mailing list