Another de-facto insecurity we need to fix in ES5

Maciej Stachowiak mjs at
Wed Jun 17 20:57:03 PDT 2009

On Jun 17, 2009, at 7:34 PM, Mark S. Miller wrote:

> On Wed, Jun 17, 2009 at 7:10 PM, Maciej Stachowiak <mjs at>  
> wrote:
> As to the substantive issue: mutable __proto__ is something we would  
> prefer not to have, but we are concerned about the compatibility  
> issues. We look forward to hearing about Mozilla's experience with  
> changing it.
> In case this experiment does run into problems, what do you think  
> about Allen's proposed restriction: "That [[Prototype]] is  
> guaranteed not to change on an object for which [[Extensible]] is  
> false."? This takes care of the security issue I'm concerned about  
> and won't break any old code.

I think that would be a reasonable restriction to apply in light of  
freezing. I think it would be weird for the spec to require it without  
specifying __proto__ in the first place, but I think it would be a  
good idea for browsers that implement mutable __proto__ to do it, if  
other options do not pan out.

Perhaps to avoid the somewhat nonsensical state of imposing  
conformance requirements on features that the spec doesn't actually  
define, ideas of this sort could be provided in the form of non- 
normative implementation advice.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es5-discuss mailing list