Another de-facto insecurity we need to fix in ES5

Maciej Stachowiak mjs at apple.com
Wed Jun 17 19:13:34 PDT 2009


On Jun 17, 2009, at 3:34 PM, Mark S. Miller wrote:

> On Mon, Jun 15, 2009 at 9:23 PM, Brendan Eich <brendan at mozilla.com>  
> wrote:
> For ES5, this is a tempest in a teapot.
>
> We at Mozilla are trying to remove assignable __proto__ in a near- 
> term release,
>
> Hi Brendan, this is wonderful news!
>
> As reason for skepticism, our v8 folk cite
>
> <http://www.google.dk/codesearch?q="__proto__+%3D+"+lang:javascript>
>

Seems like a fair chunk of those examples are in JS code that's not  
deployed on public Web sites.

  - Maciej

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es5-discuss/attachments/20090617/d6c19428/attachment.html>


More information about the es5-discuss mailing list