@@toStringTag spoofing for null and undefined

Mark S. Miller erights at google.com
Tue Jan 20 15:37:37 PST 2015

On Tue, Jan 20, 2015 at 3:13 PM, Brendan Eich <brendan at mozilla.org> wrote:

> Mark S. Miller wrote:
>>     (2) can't be meta-programmed to spoof identity. But it doesn't
>>     leave anything like nominal types as found in many languages lying
>>     around as an attractive nuisance (and how, in Java!).
>> What I think I remember hearing from Tom is that Dave's main point, and
>> the main argument with Tom, was precisely allowing proxies to intercede on
>> === checks, in which case you wouldn't even have that as a reliable
>> indicator.
> Hmm, maybe -- but does Self have a reference-identity equivalence-relation
> operator that can't be spoofed? Might help to ask David, but to abstract
> from that particular SPLASH 2011 Q&A, obviously we won't be enabling such
> fakery in JS.

I don't get it. What are you proposing to change? It seems we have
agreement on the following integrity invariants:

* The object state invariants that were first codified in ES5 and further
refined in the ES6 text, and that Direct Proxies were designed to enforce.

* typeof x === "number" and similar, for all the typeof strings defined in
ES5, as reliable but coarse brands. typeof x === "function" does not mean
that x is not a proxy, but only if its target is a function (or a proxy
whose target...)

* Object.prototype.toString.call(x) === "[object Date]" and similar, but
only those, since some legacy ES5 code depends on the integrity of those
tests. For example, compromising this would introduce security holes into
some Caja code. These are less coarse than typeof, still string-based and
non-extensible as a branding mechanism.

Array.isArray(x), where true does not mean that is is not a proxy, but only
if its target is an array (or a proxy whose target...)

* === itself

* WeakMap key lookup, since this follows from preserving the integrity of

* A proxy's target cannot be mutated, though a revocable proxy's target can
be dropped (by revocation)

So, given that we're keeping all the above, what are you proposing to

> /be

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150120/69615f24/attachment-0001.html>

More information about the es-discuss mailing list