On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Tue Mar 19 13:25:14 PDT 2013

so is __parent__ ... in the Mozilla world, not in every browser. So your
point is that __proto__ is a good thing I guess, I thought it was rather a

Moreover, I am talking about the standard Object.getPrototypeOf() which has
been introduced recently, not in 1998, and there's no mechanism to prevent
it to return the prototype.

I understand now security is highly subjective here and private classes
should not exist in a programming language.

Again, **good to know**

On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:

> Andrea Giammarchi wrote:
>> It is not possible to secure or make a class hidden, it was possible
>> before the introduction of __proto__ and Object.getPrototypeOf in ES3, now
>> this is gone, and this was my security concern.
>> ...
>> Again, it was possible, now it's not possible anymore.
> By "anymore" you mean since 1998 or so? __proto__ is very old.
> /be
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130319/c61ac912/attachment.html>

More information about the es-discuss mailing list