Proxies and proto; cyclic now possible

François REMY at
Mon Dec 8 13:24:41 PST 2014


I just had an horrible idea which can DDOS Firefox or hangs your tab in IE:

   var o = {}; 

   var p = new Proxy(o, { get: function(o, p) { return o[p]; } });

   o.__proto__ = p;

This works because of the cycle detection for setting prototypes. Should it?

Best regards,



PS: I know you could get the same behavior with a proto having a reference to itself via a global variable, but in this case the proxy looks fine, and the exploitation comes from a code he can’t control.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list