__proto__ and JSON

Allen Wirfs-Brock allen at wirfs-brock.com
Thu May 31 08:59:11 PDT 2012

On May 31, 2012, at 1:37 AM, gaz Heyes wrote:

> On 30 May 2012 14:52, Brendan Eich <brendan at mozilla.com> wrote:
> Felix Böhm wrote:
> Okay, fair point. But JSON.parse should do what it's name says: Parse JSON. Ignoring keys is not an option.
> JSON.parse must not treat __proto__ specially, per ES5. What's the problem you see?
> __proto__ can remove all methods for an object, this could cause a whole block of code to fail when using a property from the JSON object. For example using valueOf/toString with any property that has a null proto. 
> x={y:{__proto__:null}};
> x=x.y+''; // I'm gonna bail because I have no toString  

Yes, but:

console.log(x.y+'');  //outputs the string "null"

JSON.parse is specified as  to not trigger any magic __proto__ behavior when building its object tree.  In the above case it simply defines a own property named "__proto__" whose value is null.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20120531/c120262c/attachment.html>

More information about the es-discuss mailing list