__proto__ security

Brendan Eich brendan at mozilla.org
Fri Feb 10 11:55:23 PST 2012


Domenic Denicola wrote:
> I am generally with Brendan that specifying __proto__ is not very necessary.

"over-specifying", right? I am in favor of specifying __proto__ 
minimally in Annex B.

>   But, one thing I would like enshrined in the spec is that `"__proto__" in Object.create(null) === false`.

For sure!

/be


More information about the es-discuss mailing list