__proto__ security

Brendan Eich brendan at mozilla.org
Fri Feb 10 15:16:29 PST 2012

Allen Wirfs-Brock wrote:
> The main reason I mention the turn-off via a global function alternative, is that it in combination with a syntax linked specification eliminates the need to worry about whether O.p.__proto__  is an accessor or data property or its attribute values. It simply is not a property under that approach.

Yeah, but delete does that more obviously.

The frame check or equivalent is still too coarse-grained for my 
future-proofing happiness. I could get over this, but combined with 
overspecifying as an accessor when I know of no implementations that 
reflect __proto__ as an accessor, the sum total for me is still negative 
on accessor.


More information about the es-discuss mailing list