Experimental implementation of Object.observe & JS Utility library now available

Andrea Giammarchi andrea.giammarchi at gmail.com
Fri Aug 17 03:04:36 PDT 2012


As far as I can tell, Object.observe(obj) creates a notifier in the obj
itself which means, after that, if you Object.prototype.whatever = 123; the
obj notifier *won't* fire since it's not its own property and I do hope
this works with own properties only, otherwise not only can we have
hijacking attacks but a tremendous performance impact (if a notifier has to
automatically create a notifier up the proto chain until the null
prototype ... a nonsense, imho)

On Fri, Aug 17, 2012 at 11:01 AM, gaz Heyes <gazheyes at gmail.com> wrote:

> On 17 August 2012 10:57, Andrea Giammarchi <andrea.giammarchi at gmail.com> wrote:
>
>> the Notifier is lazily instantiated and I believe not enumerable so
>> JSON.stringify should ever expose this property.
>>
>> Moreover, it does not look like there is a {}.__notifier__ property
>> anywhere, Object.getNotifier(obj) is required indeed so a WeakMap that
>> relates the obj, and its notifier, cannot be serialized in a meaningful way
>> via JSON.stringify either.
>>
>
> Ah no I wasn't talking about the JSON object but remotely hacking JSON
> feeds themselves using external scripts and hijacking the Object prototype
> with Observe.
>