B.3.1 The __proto__ pseudo property

Andrea Giammarchi andrea.giammarchi at gmail.com
Sun Apr 21 12:58:34 PDT 2013


then you'll have ambiguous operations

obj[key] = value;

will not always do the same since

obj[key]

will not always do the same either.

If a program decides/needs/wants no magic then magic should disappear and
if not in the chain it should not be inherited.

I'd rather leave, if really necessary for reasons beyond my comprehension,
the literal {__proto__} but obj.__proto__ won't make any sense anymore if
there's nothing to inherit as property behavior.


On Sun, Apr 21, 2013 at 12:48 PM, Axel Rauschmayer <axel at rauschma.de> wrote:

> However, let's get back to (a) coffee :-); (b) ES6 and the ability to
> delete Object.prototype.__proto__.
>
> You don't want that to affect object literals evaluated in the same realm
> after such a deletion. Why not?
>
>
> [Sorry for cutting in, but this is the core point of my confusion.]
>
> I’d argue: delete Object.prototype.__proto__ is a measure to disable
> operations for untrusted code that pose a security risk.
>
> ==> FORBID mutating [[Prototype]]:
>         foo.__proto__ = ...   // set (1)
>
> ==> ALLOW:
>         { __proto__: ... }   // (2)
>         foo.__proto__   // get (3)
>
> I’d allow the latter two in order not to break untrusted code that uses
> operations that are already possible in standard ES5 (Object.create() and
> Object.getPrototypeOf). AFAICT, these two operations pose no security risk.
>
> Additionally, (1) and (3) should be disabled in a dict setting
> (Object.prototype not in prototype chain). Previously, I referred to the
> wrong numbers here.
>
> Axel
>
> --
> Dr. Axel Rauschmayer
> axel at rauschma.de
>
> home: rauschma.de
> twitter: twitter.com/rauschma
> blog: 2ality.com
>
>
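
The operations numbered (1) to (3) in the quoted message, and the obj[key] = value ambiguity raised in the reply, probed on ordinary objects, on dict objects, and after delete Object.prototype.__proto__. This is an added example, not code from the thread; it shows what ES2015+ engines ended up doing rather than either proposal as written, assumes a default-configured Node.js or current browser, and probe, withoutProtoAccessor and literalSetsPrototype are illustrative names.

```javascript
// Added example: what a computed "__proto__" key does to different targets.
function probe(target) {
  const marker = { marker: true };   // constructed prototype candidate
  const key = "__proto__";           // constructed key, e.g. from parsed input
  target[key] = marker;              // (1) set through obj[key] = value
  return {
    // Did the assignment mutate [[Prototype]]?
    prototypeChanged: Object.getPrototypeOf(target) === marker,
    // Or did it create a plain own data property instead?
    ownPropertyCreated: Object.prototype.hasOwnProperty.call(target, key),
    // (3) does reading obj[key] report the prototype?
    getReturnsPrototype: target[key] === Object.getPrototypeOf(target),
  };
}

// Runs fn with the Object.prototype.__proto__ accessor deleted, then
// restores it so the rest of the realm is unaffected.
function withoutProtoAccessor(fn) {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  delete Object.prototype.__proto__;
  try {
    return fn();
  } finally {
    Object.defineProperty(Object.prototype, "__proto__", saved);
  }
}

// (2) the object-literal form, which does not go through the accessor.
function literalSetsPrototype() {
  const marker = {};
  return Object.getPrototypeOf({ __proto__: marker }) === marker;
}

const results = {
  ordinary: probe({}),                         // accessor inherited: magic
  dict: probe(Object.create(null)),            // no Object.prototype: no magic
  ordinaryAfterDelete: withoutProtoAccessor(() => probe({})),
  literalAfterDelete: withoutProtoAccessor(literalSetsPrototype),
};
console.log(results);
```

The same statement mutates the prototype in the first case and stores an ordinary own property in the other two, which is why code that keys objects on untrusted strings is normally written against Object.create(null) or a Map.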

