@@toStringTag spoofing for null and undefined
Mark Miller
erights at gmail.com
Sat Jan 24 07:18:22 PST 2015
Actually, I withdraw that last sentence. Such protections are relevant as
well in some specialized circumstances in which the trusted code runs first
and squirrels away the relevant primordials such as
Object.prototype.toString before it can be corrupted. Extra care is needed
to avoid using it later as savedToString.call(obj) since that would leave
it open to poisoning of Function.prototype.call.
See http://wiki.ecmascript.org/doku.php?id=conventions:safe_meta_programming
On Sat, Jan 24, 2015 at 7:11 AM, Mark S. Miller <erights at google.com> wrote:
> Of course it can, by tamper proofing (essentially, freezing)
> Object.prototype. None of these protections are relevant anyway in an
> environment in which the primordials are not locked down.
>
> On Sat, Jan 24, 2015 at 6:11 AM, Gary Guo <nbdd0121 at hotmail.com> wrote:
>
>> Now I have a tendency to support the suggestion that cuts the
>> anti-spoofing part. If a coder wants to make an object and pretend it's a
>> built-in, let it be. The anti-spoofing algorithm could not prevent this
>> case:
>> ```
>> Object.prototype.toString = function(){
>>   return '[object I_Can_Be_Anything]';
>> }
>> ```
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>>
>
>
> --
> Cheers,
> --MarkM
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
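
The precaution described in the message above, as an added example that is not part of the original email or of any project's code: trusted code saves the primordials first, and later uses them through a bound function instead of `savedToString.call(obj)`. The names `uncurryThis`, `safeToString` and `demo` are assumptions chosen for this sketch, and the later corruption is simulated inside `demo`.

```javascript
// Trusted setup: must run before any untrusted code touches the primordials.
const savedToString = Object.prototype.toString;
const savedCall = Function.prototype.call;
const savedBind = Function.prototype.bind;

// uncurryThis(f)(self, ...args) behaves like f.call(self, ...args), but the
// result is a bound function, so no later lookup of .call or .bind happens.
const uncurryThis = savedBind.bind(savedCall);
const safeToString = uncurryThis(savedToString);

// Simulates later, untrusted code corrupting the primordials, then compares
// three ways of asking for an object's brand. Restores state afterwards.
function demo() {
  try {
    Object.prototype.toString = function () {
      return '[object I_Can_Be_Anything]';
    };
    Function.prototype.call = function () {
      return '[object Poisoned_Call]';
    };
    return {
      method: ({}).toString(),          // uses the replaced toString
      viaCall: savedToString.call([]),  // saved function, poisoned .call
      safe: safeToString([]),           // saved function, saved call
    };
  } finally {
    Object.prototype.toString = savedToString;
    Function.prototype.call = savedCall;
  }
}

console.log(demo());
```

Only the `safe` result reflects the real brand of the array; the other two return whatever the replaced functions choose to report.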