@@toStringTag spoofing for null and undefined
Domenic Denicola
d at domenic.me
Mon Jan 19 15:47:50 PST 2015
I think we should remove those anti-spoofing "protections". I anticipate a discussion at TC39 next week.
-----Original Message-----
From: es-discuss [mailto:es-discuss-bounces at mozilla.org] On Behalf Of Nicholas C. Zakas
Sent: Monday, January 19, 2015 17:59
To: es-discuss
Subject: @@toStringTag spoofing for null and undefined
According to 19.1.3.6 Object.prototype.toString() [1], it's possible to do this:
```js
function Foo(){}
Foo.prototype[Symbol.toStringTag] = "Null";
Object.prototype.toString.call(new Foo()); // "[object Null]"
```
It seems like `"Null"` and `"Undefined"` should be added to the step 17(b) list of exceptions to prevent spoofing of null and undefined values using this approach.
I couldn't think of a reason why the current behavior would make sense, but if I'm off base, feel free to correct me. :)
[1]: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.prototype.tostring
--
___________________________
Nicholas C. Zakas
http://www.nczonline.net
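Added example, not part of the thread or of either participant's code: it contrasts the tag string returned by `Object.prototype.toString` in an engine that applies no anti-spoofing exceptions (the behaviour of current engines such as Node.js) with checks that never consult `Symbol.toStringTag`. The helper names `tagOf`, `isNullish`, `isRealDate` and `report`, and the sample objects, are constructed for illustration.

```javascript
// Added example; helper names and sample objects are hypothetical.

// Tag-based classification. For objects this reads Symbol.toStringTag,
// so the object being classified chooses its own answer.
function tagOf(value) {
  return Object.prototype.toString.call(value).slice(8, -1);
}

// Identity comparison: no property lookup on the value, nothing to override.
function isNullish(value) {
  return value === null || value === undefined;
}

// Brand check through an internal slot: Date.prototype.getTime throws a
// TypeError unless the receiver is a genuine Date object.
function isRealDate(value) {
  try {
    Date.prototype.getTime.call(value);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed inputs: the object from the message above plus two more
// objects that only claim a built-in tag.
function Foo() {}
Foo.prototype[Symbol.toStringTag] = "Null";
const fakeNull = new Foo();
const fakeDate = { [Symbol.toStringTag]: "Date" };
const fakeArray = { [Symbol.toStringTag]: "Array", length: 0 };

// Classify each sample with the tag and with the tag-independent checks.
function report() {
  const samples = [null, undefined, fakeNull, fakeDate, fakeArray, new Date(0), []];
  return samples.map((v) => ({
    tag: tagOf(v),
    nullish: isNullish(v),
    realDate: isRealDate(v),
    realArray: Array.isArray(v),
  }));
}

console.log(report());
```

Code that makes a trust decision from the tag string treats `fakeNull`, `fakeDate` and `fakeArray` as the built-ins they name; the identity and internal-slot checks do not.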