Another de-facto insecurity we need to fix in ES5
david-sarah at jacaranda.org
Fri Jun 19 11:34:19 PDT 2009
Mark S. Miller wrote:
> The ES3 and ES5 specs both specify the implicit [[Prototype]] property as
> something that is initialized once and then unchanged. All major browsers
> today but IE alias this to the name "__proto__" (as if that's a named
> property) and allow it to be mutated.
I support clarifying that setting Object.freeze prevents any further
mutation of all internal properties (it already prevents mutation of
__proto__, since that is a non-internal own-property). There's no reason
to treat [[Prototype]] or __proto__ as a special case.
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the es5-discuss