On Scope And Prototype Security

Andrea Giammarchi andrea.giammarchi at gmail.com
Tue Mar 19 13:25:14 PDT 2013


so is __parent__ ... in the Mozilla world, not in every browser. So your
point is that __proto__ is a good thing I guess, I thought it was rather a
mistake.

Moreover, I am talking about the standard Object.getPrototypeOf() which has
been introduced recently, not in 1998, and there's no mechanism to prevent
it to return the prototype.

I understand now security is highly subjective here and private classes
should not exist in a programming language.

Again, **good to know**






On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:

> Andrea Giammarchi wrote:
>
>> It is not possible to secure or make a class hidden, it was possible
>> before the introduction of __proto__ and Object.getPrototypeOf in ES3, now
>> this is gone, and this was my security concern.
>> ...
>>
>> Again, it was possible, now it's not possible anymore.
>>
>
> By "anymore" you mean since 1998 or so? __proto__ is very old.
>
> /be
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130319/c61ac912/attachment.html>


More information about the es-discuss mailing list