Proxies and proto; cyclic now possible

François REMY francois.remy.dev at outlook.com
Mon Dec 8 13:24:41 PST 2014


Hi,


I just had a horrible idea which can DDoS Firefox or hang your tab in IE:


   var o = {};
   var p = new Proxy(o, { get: function(o, p) { return o[p]; } });
   o.__proto__ = p;



This works because of the cycle detection for setting prototypes. Should it?


Best regards,

François


__________________________

PS: I know you could get the same behavior with a proto having a reference to itself via a global variable, but in this case the proxy looks fine, and the exploitation comes from code he can’t control.
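An added example, not part of the original post: a defensive check that walks the prototype chain with a visited set, so code receiving an untrusted object can reject the proxy-mediated loop before doing any property lookup. The helper names (`buildCycle`, `directCycleRejected`, `hasPrototypeCycle`, `lookupOutcome`) are hypothetical, and a current engine such as Node.js is assumed, where the runaway lookup ends in an exception.

```javascript
// The structure from the post: o's prototype is a proxy whose target is o.
function buildCycle() {
  const o = {};
  const p = new Proxy(o, { get(target, key) { return target[key]; } });
  Object.setPrototypeOf(o, p); // same effect as o.__proto__ = p
  return o;
}

// The built-in cycle check only follows ordinary objects: a direct
// self-reference is rejected, the proxy-mediated one above is accepted.
function directCycleRejected() {
  const o = {};
  try { Object.setPrototypeOf(o, o); return false; }
  catch (e) { return e instanceof TypeError; }
}

// Defensive walk. Object.getPrototypeOf on a proxy with no getPrototypeOf trap
// reports the target's prototype, so the loop shows up as a repeated object.
// maxDepth bounds chains where a trap keeps returning new objects.
function hasPrototypeCycle(obj, maxDepth = 1000) {
  const seen = new Set();
  let cur = obj;
  for (let depth = 0; cur !== null && depth < maxDepth; depth++) {
    if (seen.has(cur)) return true;
    seen.add(cur);
    cur = Object.getPrototypeOf(cur);
  }
  return cur !== null; // depth limit reached: treat as unsafe
}

// Reading a missing key recurses o -> p -> get trap -> o -> ...; report
// whether the lookup returned or was aborted with an exception.
function lookupOutcome(obj, key) {
  try { void obj[key]; return 'ok'; }
  catch (e) { return 'threw'; }
}

const suspect = buildCycle(); // constructed sample input
console.log('direct cycle rejected:', directCycleRejected());
console.log('proxy cycle detected:', hasPrototypeCycle(suspect));
console.log(hasPrototypeCycle(suspect) ? 'rejected before use'
                                       : lookupOutcome(suspect, 'x'));
```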