Proxies and proto; cyclic now possible

François REMY francois.remy.dev at outlook.com
Mon Dec 8 15:24:12 PST 2014


± >     var o = {};
± >     var p = new Proxy(o, { get: function(o, p) { return o[p]; } });
± >     o.__proto__ = p;
± 
± This does nothing on its own in Firefox, afaict.
± If I then do "o.foo" I get a "too much recursion" exception, as expected.
± 
± What is the problem, exactly?

I typed the lines one by one in the console, that's why. There must be something wrong with the console, then.



± I too had a horrible idea which can DDOS Firefox or hang your tab in IE:
±
± ```js
± while (true) { }
± ```

Sure, you can also do that; but you have the control of what's going on in this case. What I find strange is that we don't allow "o.__proto__ = o" but we accept the Proxy thing. So people may not even know this is possible, and may forget to protect themselves against it.


± See also:
± https://bugs.ecmascript.org/show_bug.cgi?id=2437

Great, that's what I was thinking about. I shared the same concern as Allen about an involuntary while loop of prototype cascade that would never return to the user code and would never stop at all. But if UAs are aware of the situation and took action, that should be fine, I agree. I just wanted to be sure it's the case. It seems Firefox's console didn't get the message but Firefox itself seems to handle this fine.

IE doesn't do as well as Firefox since it never recovers the tab; but then again this is not different from a while(true) loop.

Best regards,
François
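
The situation discussed in this thread, as an added example that is not part of the original message: a direct prototype cycle is rejected, the Proxy-mediated one is accepted, and code that walks a prototype chain needs its own cycle guard. The helper names (`makeProxyCycle`, `inspectProtoChain`, `lookupOutcome`, `directCycleRejected`) and the depth limit are assumptions made for illustration.

```javascript
// Added example; all objects below are constructed for the demonstration.

// Build the cycle from the thread: o's prototype is a Proxy whose target is o.
function makeProxyCycle() {
  const o = {};
  const p = new Proxy(o, { get(target, key) { return target[key]; } });
  Object.setPrototypeOf(o, p); // accepted: the built-in cycle check stops at a Proxy
  return { o, p };
}

// The direct form (o.__proto__ = o) is refused with a TypeError.
function directCycleRejected() {
  const a = {};
  try {
    Object.setPrototypeOf(a, a);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Walk a prototype chain defensively: stop on a repeated object or a depth limit.
// Without the `seen` set this loop never ends for the Proxy cycle, because
// Object.getPrototypeOf(p) forwards to the target o, whose prototype is p again.
function inspectProtoChain(obj, maxDepth = 1000) {
  const seen = new Set();
  let depth = 0;
  for (let cur = obj; cur !== null; cur = Object.getPrototypeOf(cur)) {
    if (seen.has(cur)) return { cyclic: true, depth };
    if (depth >= maxDepth) return { cyclic: false, depth, truncated: true };
    seen.add(cur);
    depth++;
  }
  return { cyclic: false, depth };
}

// Property lookup on an untrusted object: the engine's recursion limit turns the
// endless lookup into an exception, which the caller has to be ready to catch.
function lookupOutcome(obj, key) {
  try {
    return { ok: true, value: obj[key] };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}
```

Running `inspectProtoChain` on an object received from other code before reading unknown properties from it avoids relying on the engine's recursion limit.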

