@@toStringTag spoofing for null and undefined

Isiah Meadows impinball at gmail.com
Sat Jan 24 14:42:23 PST 2015


> From: "Mark S. Miller" <erights at google.com>
> To: Gary Guo <nbdd0121 at hotmail.com>
> Cc: "es-discuss at mozilla.org" <es-discuss at mozilla.org>
> Date: Sat, 24 Jan 2015 07:11:35 -0800
> Subject: Re: @@toStringTag spoofing for null and undefined
> Of course it can, by tamper proofing (essentially, freezing)
Object.prototype. None of these protections are relevant anyway in an
environment in which the primordials are not locked down.

Yeah, pretty much. That proverbial inch was given a long time ago. And the
proverbial mile taken. And I highly doubt the spec is going to require
`Object.freeze(Object.prototype)`, since that prohibits future polyfills
and prolyfills of the Object prototype. Also, you could always straight up
overwrite it, but that's even harder to protect against. (And how many
cases do you know of literally overwriting built-in prototypes?)

Or, to throw out an analog to Java, it is perfectly possible to call or
even override a private method through reflection. JavaScript simply has
more accessible reflection, more often useful since it's a more dynamic
prototype-based OO language as opposed to a stricter class-based language.

>
> On Sat, Jan 24, 2015 at 6:11 AM, Gary Guo <nbdd0121 at hotmail.com> wrote:
>>
>> Now I have a tendency to support the suggestion that cuts the
anti-spoofing part. If coder wants to make an object and pretend it's a
built-in, let it be. The anti-spoofing algorithm could not prevent this
case:
>> ```
>> Object.prototype.toString = function(){
>>   return '[object I_Can_Be_Anything]';
>> }
>> ```
>>

Or this:
```js
function handler() {
  throw new Error("No prototype for you!");
}

Object.defineProperty(
  Object,
  'prototype',
  {
    get: handler,
    set: handler,
    enumerable: true
  });
```

Me thinks this isn't going to get "fixed".

>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>
>
>
> --
>     Cheers,
>     --MarkM
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150124/910138ec/attachment.html>


More information about the es-discuss mailing list