__proto__ security

Gavin Barraclough barraclough at apple.com
Sun Feb 12 10:47:52 PST 2012

On Feb 10, 2012, at 11:55 AM, Brendan Eich wrote:
> "over-specifying", right? I am in favor of specifying __proto__ minimally in Annex B.
>>  But, one thing I would like enshrined in the spec is that `"__proto__" in Object.create(null) === false`.
> For sure!

The idea of a minimal specification sounds really encouraging.  It seems there are a few really key points that everyone appears to be in complete agreement on – that the __proto__ property should be a member of the Object Prototype, that this should be the only mechanism available to change an object's prototype, and that it should be configurable.

On Feb 10, 2012, at 3:16 PM, Brendan Eich wrote:
> I know of no implementations that reflect __proto__ as an accessor,

WebKit is using an accessor in nightly builds.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120212/377af01f/attachment.html>

More information about the es-discuss mailing list