Another de-facto insecurity we need to fix in ES5

P T Withington ptw at
Thu Jun 18 06:32:10 PDT 2009

On 2009-06-18, at 04:06EDT, Brendan Eich wrote:

>> Nevertheless, I'm pleased to report that our v8 folks agree that if  
>> Mozilla does this and does not back off because of compatibility  
>> problems, they will do so as well. Thanks for being brave enough to  
>> jump into this pool first!
> Water's fine, really!

Client data point:  OpenLaszlo's class system relied on writable  
__proto__ back in the day.  We eliminated that dependency about 4  
years ago to make our code more portable across browsers (and in  
anticipation of utilizing "real" classes for runtimes that supported  
them, such as Actionscript 3 and the late Javascript 2).

More information about the es5-discuss mailing list