__proto__ security

Mark S. Miller erights at google.com
Sat Jan 28 20:56:49 PST 2012


On Sat, Jan 28, 2012 at 5:21 PM, Gavin Barraclough <barraclough at apple.com> wrote:
[...]

> Given this is __proto__ we're talking about, maybe it just isn't worth
> being overly specific here?
>
> How about we just specify that:
>        * The only permissible way to modify an object's [[Prototype]] is
> through __proto__.
>        * __proto__ must be a property of Object.prototype.
>        * __proto__ must be configurable.
>
> This would mean that any conforming implementation would have an easy,
> spec-defined way to remove __proto__, without burdening browsers who
> implement this as a data descriptor to change their implementations to make
> it an accessor descriptor, or burdening browsers who implement this as an
> accessor descriptor to change their implementations to make it a data
> descriptor.
>
> Is there a significant practical benefit of a more restrictive
> specification that this fails to cover?


Reducing gratuitous observable differences between implementations. I care
much more that we all agree on one alternative than I care which one it is.


-- 
    Cheers,
    --MarkM
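
The removal that the quoted proposal would guarantee, as an added example that is not part of the original message: it reports whether the engine exposes `__proto__` on `Object.prototype` as a data or accessor property, deletes it if it is configurable, and checks that assignment no longer changes [[Prototype]]. The helper names are hypothetical, and the property is restored afterwards so the check leaves the realm unchanged.

```javascript
// Added illustration; all function names here are hypothetical.

// Report how this engine exposes __proto__ on Object.prototype.
function describeProto() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  if (!d) return { present: false };
  return {
    present: true,
    kind: ('get' in d || 'set' in d) ? 'accessor' : 'data',
    configurable: d.configurable,
  };
}

// True if assigning to obj.__proto__ changes obj's [[Prototype]].
function assignmentMutatesPrototype() {
  const target = {};
  const marker = { marked: true };
  target.__proto__ = marker;
  return Object.getPrototypeOf(target) === marker;
}

// Run fn with Object.prototype.__proto__ deleted, then restore it.
// The removal itself is the same for a data or an accessor descriptor.
function withProtoRemoved(fn) {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  if (!saved) return fn(); // already absent in this engine
  if (!saved.configurable) throw new Error('__proto__ is not configurable');
  delete Object.prototype.__proto__;
  try {
    return fn();
  } finally {
    Object.defineProperty(Object.prototype, '__proto__', saved);
  }
}

function demo() {
  const before = { shape: describeProto(), mutates: assignmentMutatesPrototype() };
  const after = withProtoRemoved(() => {
    const o = {};
    o.__proto__ = 1; // now creates an ordinary own property
    return {
      shape: describeProto(),
      mutates: assignmentMutatesPrototype(),
      ownKeys: Object.keys(o),
    };
  });
  return { before, after, restored: describeProto() };
}
```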