Proxies and proto; cyclic now possible

Claude Pache claude.pache at gmail.com
Mon Dec 8 15:05:04 PST 2014


See also:

https://bugs.ecmascript.org/show_bug.cgi?id=2437

But as Domenic pointed out, there is nothing new under the sun. 

—Claude 

> Le 8 déc. 2014 à 22:24, François REMY <francois.remy.dev at outlook.com> a écrit :
> 
> Hi,
> 
> I just had an horrible idea which can DDOS Firefox or hangs your tab in IE:
> 
>    var o = {};
>    var p = new Proxy(o, { get: function(o, p) { return o[p]; } });
>    o.__proto__ = p;
> 
> This works because of the cycle detection for setting prototypes. Should it?
> 
> Best regards,
> François
> 
> __________________________
> PS: I know you could get the same behavior with a proto having a reference to itself via a global variable, but in this case the proxy looks fine, and the exploitation comes from a code he can’t control.
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20141209/d3faed4f/attachment.html>


More information about the es-discuss mailing list