__proto__ security

Gavin Barraclough barraclough at apple.com
Fri Feb 10 01:07:45 PST 2012


On Feb 10, 2012, at 12:43 AM, David Bruant wrote:
> Maybe I'm missing something, but what you're proposing is *exactly* a frame-based check.

Hi David,

No, the proposed check does not correlate exactly to a frame-based check.  For example, an object created using Object.create(null) may be associated with the same frame as a [[ProtoSetter]] function, but the restriction I propose would inhibit the object's prototype from being modified, where a same-frame check would.  The check I am proposing is more restrictive.

Also, and importantly (as Allen identifies), the proposed check does not require the spec to talk about frames or their association to objects.

>> On Feb 9, 2012, at 7:18 PM, Allen Wirfs-Brock wrote:
>>> Certainly, for the ES5 language level (which is what my current spec. addresses) there is no way to talk about frames or the association of one of these functions or any other object with a frame.

cheers,
G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120210/0094603c/attachment-0001.html>


More information about the es-discuss mailing list