On Scope And Prototype Security

Brendan Eich brendan at mozilla.com
Tue Mar 19 13:41:17 PDT 2013


Andrea Giammarchi wrote:
> so is __parent__ ... in the Mozilla world, not in every browser.

That's irrelevant and also it was never writable.

> So your point is that __proto__ is a good thing I guess, I thought it 
> was rather a mistake.

I didn't say that. I just said it is old.

> Moreover, I am talking about the standard Object.getPrototypeOf() 
> which has been introduced recently, not in 1998, and there's no 
> mechanism to prevent it from returning the prototype.

SES and similar "prepared environment" dialects can and do handle things 
like Object.getPrototypeOf (and __proto__).

> I understand now security is highly subjective here and private 
> classes should not exist in a programming language.

No one said private classes should not exist. David mentioned traits. 
ES5 provides tools for high-integrity abstractions. See 
http://traitsjs.org/.

/be

>
> Again, **good to know**
>
> On Tue, Mar 19, 2013 at 1:13 PM, Brendan Eich <brendan at mozilla.com> wrote:
>
>     Andrea Giammarchi wrote:
>
>         It is not possible to secure or make a class hidden, it was
>         possible before the introduction of __proto__ and
>         Object.getPrototypeOf in ES3, now this is gone, and this was
>         my security concern.
>         ...
>
>         Again, it was possible, now it's not possible anymore.
>
>     By "anymore" you mean since 1998 or so? __proto__ is very old.
>
>     /be
>

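The exchange above turns on two separate points: Object.getPrototypeOf and __proto__ expose an instance's prototype to anyone holding the instance, and the ES5 tools Brendan refers to (closures plus Object.freeze) give high-integrity abstractions that do not depend on hiding prototypes. The JavaScript below is an added illustration written for this page; it is not code from the thread, from SES, or from traits.js. The function names (makeLeakyCounter, makeSealedCounter, makeFrozenClassCounter and the probe helpers) are made up for the example, and it assumes any ES5-capable engine such as Node.

```javascript
// Constructed example, not code from the es-discuss thread.

// 1. A conventional prototype-based "class". Anyone who holds an instance
//    can walk to its prototype with Object.getPrototypeOf or the legacy
//    __proto__ accessor, so nothing on the prototype (or its constructor)
//    is hidden. This is the exposure the thread is arguing about.
function makeLeakyCounter() {
  function Counter() { this.count = 0; }
  Counter.prototype.increment = function () { return ++this.count; };
  Counter.prototype.secret = "reachable through the prototype";
  return new Counter();
}

function leakedViaPrototype(instance) {
  var proto = Object.getPrototypeOf(instance);
  return {
    viaGetPrototypeOf: proto.secret,            // standard ES5 reflection
    viaDunderProto: instance.__proto__.secret,  // legacy accessor, same result
    constructorName: proto.constructor.name     // the "class" is recoverable too
  };
}

// 2. The ES5 high-integrity pattern: private state lives in a closure, the
//    returned object has nothing but Object.prototype behind it, and it is
//    frozen. The prototype chain therefore reveals nothing private and the
//    object cannot be extended or rewired by a caller.
function makeSealedCounter() {
  var count = 0;  // private: it is a local variable, never a property
  return Object.freeze({
    increment: function () { return ++count; },
    value: function () { return count; }
  });
}

function probeSealedCounter(counter) {
  var proto = Object.getPrototypeOf(counter);
  var rewireFailed = false;
  try {
    // The __proto__ setter calls [[SetPrototypeOf]], which fails on a
    // non-extensible object; the setter then throws a TypeError in any mode.
    counter.__proto__ = { secret: "injected" };
  } catch (e) {
    rewireFailed = e instanceof TypeError;
  }
  return {
    protoIsObjectPrototype: proto === Object.prototype,
    ownKeys: Object.keys(counter),
    hasCountProperty: "count" in counter,
    rewireFailed: rewireFailed,
    secretInjected: counter.secret !== undefined
  };
}

// 3. What a "prepared environment" in the SES style does about the exposure:
//    it does not hide prototypes, it freezes them (and the shared primordials)
//    so that a caller who reaches a prototype through an instance can read it
//    but cannot poison it for every other instance.
function makeFrozenClassCounter() {
  function Counter() { this.count = 0; }
  Counter.prototype.increment = function () { return ++this.count; };
  Object.freeze(Counter.prototype);
  Object.freeze(Counter);
  return new Counter();
}

function attemptPrototypePoisoning(instance) {
  "use strict";  // strict mode turns the failed write into a TypeError
  var proto = Object.getPrototypeOf(instance);
  var threwTypeError = false;
  try {
    proto.increment = function () { return -1; };
  } catch (e) {
    threwTypeError = e instanceof TypeError;
  }
  return {
    stillReadable: typeof proto.increment === "function",
    threwTypeError: threwTypeError,
    firstIncrement: instance.increment()  // unaffected by the attempt
  };
}
```

The point of part 2 is that the question "can the class be hidden" is the wrong one for ES5: the closure-based object exposes only Object.prototype and its own frozen methods, so reflection gives an attacker nothing to poison and no private state to reach. Part 3 shows the complementary technique, freezing, which is what a prepared environment applies to the built-in prototypes so that reachable does not mean tamperable.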
More information about the es-discuss mailing list