[[SetInheritance]] (was: General comments response (was Re: ES6 Rev13 Review: MOP-refactoring, symbols, proxies, Reflect module))

Brandon Benvie brandon at brandonbenvie.com
Mon Dec 31 07:28:26 PST 2012


On Monday, December 31, 2012, Tom Van Cutsem wrote:
>
> That said, I think this issue is orthogonal to our choice of whether or
> not to expose "setPrototypeOf" as part of the MOP. Even if we do expose
> it, any sandbox that wants to take away the ability the set the prototype
> can simply poison Reflect.setPrototypeOf in addition to deleting
> Object.prototype.__proto__.
>

Ive realized this is actually a potentially serious flaw with the module
system with regards to how the builtin modules expose features. If you
introduce Reflect.setPrototypeOf (or more generally, anything exposed
as an export of
a system module) there is no way for something like SES (user level) to
remove access to it. There's no way to monkey patch these things or remove
them or add new features to them because the modules aren't externally
mutable. `delete Reflect.setPrototypeOf` is not currently an option.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20121231/abfba8d2/attachment.html>


More information about the es-discuss mailing list