__proto__ security

Allen Wirfs-Brock allen at wirfs-brock.com
Mon Feb 13 12:11:14 PST 2012 

On Feb 13, 2012, at 11:43 AM, Gavin Barraclough wrote:

> On Feb 13, 2012, at 9:55 AM, Allen Wirfs-Brock wrote:
> 
>> Finally, an alternative to extending [[Get]] and [[Put]] would be to extend the GetValue abstraction operation (8.7.1) and the Simple Assignment evaluation semantics (11.13.1).
>> 
>> [[DefineOwnProperty]] and [[Delete]] still need to be extended but, independent of any of the above, these two can probably be made over-riding implementations on Object.prototype rather than extending the default implementations used by all objects.
> 
> 
> Hi Allen,
> 
> I don't know if this is helpful, but Mark's strawman seemed to make this much simpler, perhaps it might make for a less intrusive specification to define that this should behave as if it is an accessor property following Mark's ProtoGetter/ProtoSetter descriptions, whilst leaving how the property is reflected ambiguous?  I think this should amount to the same thing, just might be easier to encapsulate this way?

I believe what that amounts to is specifying the property as (not "as if") an accessor property with ProtoGetter/ProtoSetter get/set functions and then specifying a  [[GetOwnProperty]] over-ride for Object.prototype.__proto__ that allows an implementation to choose between returning a data property descriptor and returning a accessor property descriptor with censored get/set functions.

There would still need to be a way to specify that special treatment of __proto__ in object literals is disabled when Object.prototype.__proto__ is modified or deleted.  While this could be done with prose I think using [[Delete]] and [[DefineOwnProperty]] hooks (and the UnderscoreProtoEnabled variable) is a more precise why to specify what actions are required to actually disables __proto__.

In general, I prefer preciseness over conciseness in the specification.

Also, I think we need some more thought about how the approaches (specified as accessor vs. specified as [[Put]]/[[Get]] extensions) differ in the presence of proxies.

Allen



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120213/df38b7ec/attachment.html>

More information about the es-discuss mailing list