__proto__ security

David Bruant bruant.d at gmail.com
Fri Feb 10 01:18:42 PST 2012


Le 10/02/2012 10:07, Gavin Barraclough a écrit :
> On Feb 10, 2012, at 12:43 AM, David Bruant wrote:
>> Maybe I'm missing something, but what you're proposing is *exactly* a 
>> frame-based check.
>
> Hi David,
>
> No, the proposed check does not correlate exactly to a frame-based 
> check.  For example, an object created using Object.create(null) may 
> be associated with the same frame as a [[ProtoSetter]] function, but 
> the restriction I propose would inhibit the object's prototype from 
> being modified, where a same-frame check would.  The check I am 
> proposing is more restrictive.
>
> Also, and importantly (as Allen identifies), the proposed check does 
> not require the spec to talk about frames or their association to objects.
>
>>> On Feb 9, 2012, at 7:18 PM, Allen Wirfs-Brock wrote:
>>>> Certainly, for the ES5 language level (which is what my current 
>>>> spec. addresses) there is no way to talk about frames or the 
>>>> association of one of these functions or any other object with a frame.
Oh ok, thanks for pointing the differences.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120210/05757bc2/attachment.html>


More information about the es-discuss mailing list