__proto__ security
Gavin Barraclough
barraclough at apple.com
Mon Feb 13 11:43:11 PST 2012
On Feb 12, 2012, at 11:28 AM, Brendan Eich wrote:
> Heh, I knew that was coming. I'll amend to say "of long standing" after "implementations" :-P.
:-D
> I still have a gut feeling that someone is going to take advantage of the setter for bad purposes that will be harder to block than would be the case if __proto__ reflected as a data property. But I can't prove this.
Understood. We needed to change our implementation to fix ES5 compatibility issues with our prior mechanism. Implementing this internally as a accessor is much cleaner for us, and I think we'd want to keep it implemented this way even if we were to add the magic necessary to allow us to make it masquerade as a data descriptor (I still firmly side with Mark's strawman as to how this should be presented to users, but I didn't intend our current implementation to preclude alternatives).
cheers,
G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120213/5ce8081b/attachment-0001.html>
More information about the es-discuss
mailing list