@@toStringTag spoofing for null and undefined
Dmitry Soshnikov
dmitry.soshnikov at gmail.com
Tue Jan 20 12:26:26 PST 2015
A side note: while the `@toStringTag` topic is actively discussed and is
planned for the following meeting, I'd like to double-check the topic I
raised previously related to the `@toStringTag` and user-level classes: [1]
(basically provide default `@@toStringTag` being the class name), and what
Nicholas's use-case shows in his initial message in this thread.
[1] https://esdiscuss.org/topic/default-tostringtag-for-user-classes
Dmitry
On Mon, Jan 19, 2015 at 2:59 PM, Nicholas C. Zakas <
standards at nczconsulting.com> wrote:
> According to 19.1.3.6 Object.prototype.toString() [1], it's possible to do
> this:
>
> ```js
> function Foo(){}
>
> Foo.prototype[Symbol.toStringTag] = "Null";
>
> Object.prototype.toString.call(new Foo()); // "[object Null]"
> ```
>
> It seems like `"Null"` and `"Undefined"` should be added to the step 17(b)
> list of exceptions to prevent spoofing of null and undefined values using
> this approach.
>
> I couldn't think of a reason why the current behavior would make sense,
> but if I'm off base, feel free to correct me. :)
>
> [1]: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-
> object.prototype.tostring
>
> --
> ___________________________
> Nicholas C. Zakas
> http://www.nczonline.net
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150120/600241bb/attachment-0001.html>
More information about the es-discuss
mailing list