Another de-facto insecurity we need to fix in ES5

Maciej Stachowiak mjs at
Wed Jun 17 19:13:34 PDT 2009

On Jun 17, 2009, at 3:34 PM, Mark S. Miller wrote:

> On Mon, Jun 15, 2009 at 9:23 PM, Brendan Eich <brendan at>  
> wrote:
> For ES5, this is a tempest in a teapot.
> We at Mozilla are trying to remove assignable __proto__ in a near- 
> term release,
> Hi Brendan, this is wonderful news!
> As reason for skepticism, our v8 folk cite
> <"__proto__+%3D+"+lang:javascript>

Seems like a fair chunk of those examples are in JS code that's not  
deployed on public Web sites.

  - Maciej

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es5-discuss mailing list