__proto__ security
David Bruant
bruant.d at gmail.com
Fri Feb 10 01:18:42 PST 2012
Le 10/02/2012 10:07, Gavin Barraclough a écrit :
> On Feb 10, 2012, at 12:43 AM, David Bruant wrote:
>> Maybe I'm missing something, but what you're proposing is *exactly* a
>> frame-based check.
>
> Hi David,
>
> No, the proposed check does not correlate exactly to a frame-based
> check. For example, an object created using Object.create(null) may
> be associated with the same frame as a [[ProtoSetter]] function, but
> the restriction I propose would inhibit the object's prototype from
> being modified, where a same-frame check would. The check I am
> proposing is more restrictive.
>
> Also, and importantly (as Allen identifies), the proposed check does
> not require the spec to talk about frames or their association to objects.
>
>>> On Feb 9, 2012, at 7:18 PM, Allen Wirfs-Brock wrote:
>>>> Certainly, for the ES5 language level (which is what my current
>>>> spec. addresses) there is no way to talk about frames or the
>>>> association of one of these functions or any other object with a frame.
Oh ok, thanks for pointing the differences.
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120210/05757bc2/attachment.html>
More information about the es-discuss
mailing list