__proto__ security

Brendan Eich brendan at mozilla.org
Mon Feb 13 09:55:45 PST 2012

Andreas Rossberg wrote:
> On 12 February 2012 23:47, Brendan Eich <brendan at mozilla.org> wrote:
>> The concern (no trolling here) is at least about attack surface. If there's
>> no setter that can be extracted, there's no need for the "frame check"
>> (however phrased). Adding that check adds more machinery to get wrong or
>> have interact in unexpected ways with other moving parts.
> One could also make the proto accessor special in that reflecting it
> only returns a poisoned pair of getter/setters.
That is strictly better than "innovating" by providing a setter that can 
be reflected upon and then called on other (same-"frame") objects.

> Doesn't seem more
> magic or hacky than pretending that it is a data property. :)

Hate to argue about devils on pinheads but the always-throwing poisoned 
accessor patterns (first seen in ES5 strict) smell worse to me than a 
data property with magic behind it. We had lots of those in various DOMs 
since day 1 (Netscape 2). Perhaps I'm just used to the odor :-/.
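
The setter-reflection concern debated above, as an added example that is not part of the original message or of any engine's code. It assumes an ES2015-or-later engine such as Node.js, where `__proto__` ended up specified as an accessor on `Object.prototype`; the helper names (`reflectProto`, `trySetProto`, `poisonedPair`, `demo`) and the sample objects are constructed for illustration.

```javascript
// Reflect the __proto__ property off Object.prototype and report its shape.
function reflectProto() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  const isAccessor = !!d && typeof d.set === 'function';
  return { kind: isAccessor ? 'accessor' : 'data-or-absent', setter: d && d.set };
}

// Call a setter on an arbitrary target and report whether its prototype moved.
function trySetProto(setter, target, proto) {
  try {
    setter.call(target, proto);
    return Object.getPrototypeOf(target) === proto ? 'changed' : 'unchanged';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'error';
  }
}

// The "poisoned pair" alternative from the thread, modelled on the
// always-throwing accessors of ES5 strict mode: reflection yields functions,
// but neither of them can be used to read or write a prototype.
function poisonedPair() {
  const thrower = function () { throw new TypeError('poisoned __proto__ accessor'); };
  return { get: thrower, set: thrower };
}

function demo() {
  const { kind, setter } = reflectProto();
  const marker = { tag: 'constructed prototype' };
  return {
    kind,
    // An ordinary extensible object: the extracted setter repoints it.
    plain: trySetProto(setter, {}, marker),
    // A null-prototype object never inherits __proto__, yet the extracted
    // setter still works on it, because it is called directly.
    bare: trySetProto(setter, Object.create(null), marker),
    // Non-extensible objects reject the change, so this is the hardening
    // that holds even against a reflected setter.
    locked: trySetProto(setter, Object.preventExtensions({}), marker),
    // With a poisoned pair there is nothing usable to extract.
    poisoned: trySetProto(poisonedPair().set, {}, marker),
  };
}

console.log(demo());
```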
