@@toStringTag spoofing for null and undefined

Nicholas C. Zakas standards at nczconsulting.com
Mon Jan 19 14:59:10 PST 2015


According to 19.1.3.6 Object.prototype.toString() [1], it's possible to 
do this:

```js
function Foo(){}

Foo.prototype[Symbol.toStringTag] = "Null";

Object.prototype.toString.call(new Foo());   // "[object Null]"
```

It seems like `"Null"` and `"Undefined"` should be added to the step 
17(b) list of exceptions to prevent spoofing of null and undefined 
values using this approach.

I couldn't think of a reason why the current behavior would make sense, 
but if I'm off base, feel free to correct me. :)

[1]: 
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.prototype.tostring

-- 
___________________________
Nicholas C. Zakas
http://www.nczonline.net



More information about the es-discuss mailing list