B.3.1 The __proto__ pseudo property

Axel Rauschmayer axel at rauschma.de
Sun Apr 21 12:48:37 PDT 2013


> However, let's get back to (a) coffee :-); (b) ES6 and the ability to delete Object.prototype.__proto__.
> 
> You don't want that to affect object literals evaluated in the same realm after such a deletion. Why not?

[Sorry for cutting in, but this is the core point of my confusion.]

I’d argue: delete Object.prototype.__proto__ is a measure to disable operations for untrusted code that pose a security risk.

==> FORBID mutating [[Prototype]]:
        foo.__proto__ = ...   // set (1)

==> ALLOW:
        { __proto__: ... }   // (2)
        foo.__proto__   // get (3)

I’d allow the latter two in order not to break untrusted code that uses operations that are already possible in standard ES5 (Object.create() and Object.getPrototypeOf). AFAICT, these two operations pose no security risk.

Additionally, (1) and (3) should be disabled in a dict setting (Object.prototype not in prototype chain). Previously, I referred to the wrong numbers here.

Axel

-- 
Dr. Axel Rauschmayer
axel at rauschma.de

home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com
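
[Added example, not part of the original message or of any es-discuss participant's code.] The sketch below tries out the split proposed above, forbid set (1) while keeping the literal (2) and get (3), by temporarily replacing Object.prototype.__proto__ with a getter-only accessor, and also probes a dict object created with Object.create(null). It assumes an engine that implements __proto__ as later standardized in ES2015 (an accessor on Object.prototype, with the literal form handled as syntax); the function name probeGetterOnlyProto and the result field names are made up for this illustration.

```javascript
// Added illustration; probeGetterOnlyProto and its result fields are hypothetical names.
function probeGetterOnlyProto() {
  "use strict"; // strict mode, so a rejected assignment throws instead of failing silently
  const original = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  const result = {};
  try {
    // Keep the getter, drop the setter: the "forbid (1), allow (3)" configuration.
    Object.defineProperty(Object.prototype, "__proto__", {
      get: original.get,
      set: undefined,
      enumerable: false,
      configurable: true,
    });

    const base = { marker: "base" };
    const foo = {};

    // (1) set: foo.__proto__ = ... finds an accessor without a setter.
    try {
      foo.__proto__ = base;
      result.setThrew = false;
    } catch (e) {
      result.setThrew = e instanceof TypeError;
    }
    result.setChangedPrototype = Object.getPrototypeOf(foo) === base;

    // (2) literal: { __proto__: ... } is syntax and never consults the accessor.
    const lit = { __proto__: base };
    result.literalWorks = Object.getPrototypeOf(lit) === base;

    // (3) get: still answered by the inherited getter.
    result.getWorks = lit.__proto__ === base;

    // Dict setting: Object.prototype is not in the chain, so __proto__ is an ordinary key.
    const dict = Object.create(null);
    result.dictGetBefore = dict.__proto__; // nothing inherited, nothing own
    dict.__proto__ = base; // creates an own data property, [[Prototype]] untouched
    result.dictHasOwnKey = Object.prototype.hasOwnProperty.call(dict, "__proto__");
    result.dictPrototype = Object.getPrototypeOf(dict);
  } finally {
    // Restore the realm's original accessor so later code is unaffected.
    Object.defineProperty(Object.prototype, "__proto__", original);
  }
  return result;
}
```

The try/finally restores the original accessor, so the probe can be run in a realm that other code shares.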
