@@toStringTag spoofing for null and undefined

Claude Pache claude.pache at gmail.com
Tue Feb 10 10:51:59 PST 2015


You misunderstood me: I wasn't referring to interaction between legacy and new code, but to legacy code by itself, e.g. on an unmaintained site, that used to work and would suddenly break (hint: "unknown object" was specifically `String.prototype`). —Claude

> Le 10 févr. 2015 à 13:16, Gary Guo <nbdd0121 at hotmail.com> a écrit :
> 
> `({[Symbol.toStringTag]: 'String'})` could be identified as string as well, use the legacy method. ES6 guarantees that legacy code will work, but it does not ensure that legacy code could work well with new codes that intended to create a fake string.
> 
> Subject: Re: @@toStringTag spoofing for null and undefined
> From: claude.pache at gmail.com <mailto:claude.pache at gmail.com>
> Date: Tue, 10 Feb 2015 09:54:03 +0100
> CC: es-discuss at mozilla.org <mailto:es-discuss at mozilla.org>
> To: nbdd0121 at hotmail.com <mailto:nbdd0121 at hotmail.com>
> 
> Changing `String.prototype` from String to non-String is indeed a risk by itself. But the issue I was mentioning is independent of that, namely that an unknown object would be misidentified as String and would throw on methods that work only on Strings, e.g.: `if (getType(obj) == "String") { return obj.toUpperCase() }`, where `getType()` is based on `O.p.toString`.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150210/e3a4774c/attachment.html>


More information about the es-discuss mailing list