@@toStringTag spoofing for null and undefined

Mark Miller erights at gmail.com
Sat Jan 24 14:57:57 PST 2015


On Sat, Jan 24, 2015 at 2:42 PM, Isiah Meadows <impinball at gmail.com> wrote:

> > From: "Mark S. Miller" <erights at google.com>
> > To: Gary Guo <nbdd0121 at hotmail.com>
> > Cc: "es-discuss at mozilla.org" <es-discuss at mozilla.org>
> > Date: Sat, 24 Jan 2015 07:11:35 -0800
> > Subject: Re: @@toStringTag spoofing for null and undefined
> >
> > Of course it can, by tamper proofing (essentially, freezing)
> > Object.prototype. None of these protections are relevant anyway in an
> > environment in which the primordials are not locked down.
>
> Yeah, pretty much. That proverbial inch was given a long time ago. And the
> proverbial mile taken. And I highly doubt the spec is going to require
> `Object.freeze(Object.prototype)`,
>
Of course not. The key is the spec allows it. SES makes use of that.





> since that prohibits future polyfills and prolyfills of the Object
> prototype. Also, you could always straight up overwrite it, but that's even
> harder to protect against. (And how many cases do you know of literally
> overwriting built-in prototypes?)
>
> Or, to throw out an analog to Java, it is perfectly possible to call or
> even override a private method through reflection. JavaScript simply has
> more accessible reflection, more often useful since it's a more dynamic
> prototype-based OO language as opposed to a stricter class-based language.
>
> >
> > On Sat, Jan 24, 2015 at 6:11 AM, Gary Guo <nbdd0121 at hotmail.com> wrote:
> >>
> >> Now I have a tendency to support the suggestion that cuts the
> >> anti-spoofing part. If a coder wants to make an object and pretend it's a
> >> built-in, let it be. The anti-spoofing algorithm could not prevent this
> >> case:
> >> ```js
> >> Object.prototype.toString = function(){
> >>   return '[object I_Can_Be_Anything]';
> >> };
> >> ```
> >>
>
> Or this:
> ```js
> function handler() {
>   throw new Error("No prototype for you!");
> }
>
> Object.defineProperty(
>   Object,
>   'prototype',
>   {
>     get: handler,
>     set: handler,
>     enumerable: true
>   });
> ```
>
> Methinks this isn't going to get "fixed".
>


-- 
Text by me above is hereby placed in the public domain

  Cheers,
  --MarkM
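
The effect of the tamper proofing described in the reply above, as an added example that is not part of the original message and is not SES code: it runs the quoted `Object.prototype.toString` override before and after `Object.freeze(Object.prototype)`, then shows that a per-object `Symbol.toStringTag` is not affected by the freeze. The helper names (`attemptOverride`, `tamperProofDemo`) are hypothetical; only standard ECMAScript built-ins are used.

```javascript
// Captured before any untrusted code has had a chance to run.
const builtinToString = Object.prototype.toString;

// The override quoted in the thread, wrapped so the outcome can be reported.
function attemptOverride() {
  'use strict'; // in strict mode a write to a frozen object throws
  try {
    Object.prototype.toString = function () {
      return '[object I_Can_Be_Anything]';
    };
    return 'replaced';
  } catch (e) {
    return e.name;
  }
}

function tamperProofDemo() {
  const report = {};

  // 1. Primordials not locked down: the shared method is replaced for everyone.
  report.before = attemptOverride();
  report.tagBefore = Object.prototype.toString.call(null);
  Object.prototype.toString = builtinToString; // undo before the next step

  // 2. Tamper-proof the primordial, which the reply says the spec allows.
  Object.freeze(Object.prototype);
  report.after = attemptOverride();
  report.tagAfter = Object.prototype.toString.call(null);
  report.intact = Object.prototype.toString === builtinToString;

  // 3. Caveat: the freeze protects the shared method, not a per-object tag.
  const impostor = { [Symbol.toStringTag]: 'Null' };
  report.impostorTag = builtinToString.call(impostor);
  // A check on the value itself is not influenced by the tag.
  report.impostorIsNull = impostor === null;

  return report;
}
```

Call `tamperProofDemo()` once in a fresh process: it freezes `Object.prototype` for the rest of that process, so a second call reports `TypeError` for the first step as well.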