On Scope And Prototype Security

Juan Ignacio Dopazo dopazo.juan at gmail.com
Tue Mar 19 14:43:42 PDT 2013

2013/3/17 Andrea Giammarchi <andrea.giammarchi at gmail.com>

> There are many cases where changing runtime prototype, mutating, dropping,
> whatever, can be used and it would be cool to secure nobody can retrieve it
> outside the private scope.

So basically you want to give a third party an object which has a prototype
that you want to be able to mutate, but you want to prevent the other party
from mutating it? That sounds like a Proxy.

var Public = (function () {
  var Private = {
    foo: 'bar'

  var proxy = new Proxy(Private, {
    set: function () {
      // do nothing

  return Object.create(proxy);

console.log(Public.foo); // 'bar'
Object.getPrototypeOf(Public).foo = 123;
console.log(Public.foo); // 'bar'

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130319/88d14e92/attachment.html>

More information about the es-discuss mailing list