Another de-facto insecurity we need to fix in ES5

Allen Wirfs-Brock Allen.Wirfs-Brock at microsoft.com
Fri Jun 19 12:19:43 PDT 2009


I think it is reasonable to say that [[Extensible]] false also means that the [[Class]] internal property and perhaps any "SpecOp" internal properties in table 5 (that now includes [[PrimitiveValue]]) may not change.  I not so sure it is useful or meaning to talk about the internal methods in this regard as nowhere in the spec. do we even have the concept of changing them.

I'm skeptical that we can say anything meaningful about implementation extensions.  If we tried to say something about implementation specific internal property, a implementation could just say that the per object state that it needs for some extension isn't an internal property but something else.

So, for this stage of our process I think we can cover [[Class]] and perhaps the other table 5 internal properties.  I don't think it is a good use of our time to beyond that now.

Allen  

>-----Original Message-----
>From: es5-discuss-bounces at mozilla.org [mailto:es5-discuss-
>bounces at mozilla.org] On Behalf Of David-Sarah Hopwood
>Sent: Friday, June 19, 2009 11:51 AM
>To: es5-discuss at mozilla.org
>Subject: Re: Another de-facto insecurity we need to fix in ES5
>
>John Cowan wrote:
>> David-Sarah Hopwood scripsit:
>>
>>> I support clarifying that [calling] Object.freeze prevents any
>further
>>> mutation of all internal properties (it already prevents mutation
>>> of __proto__, since that is a non-internal own-property). There's no
>>> reason to treat [[Prototype]] or __proto__ as a special case.
>>
>> No, but an implementation might provide a magic function setPrototype
>> instead, which merely freezing internal properties would not override.
>> Making it clear that [[Prototype]] can't be changed covers this case
>> as well.
>
>I meant that Object.freeze should prevent mutating all internal
>properties
>by any means.
>
>--
>David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
>
>_______________________________________________
>es5-discuss mailing list
>es5-discuss at mozilla.org
>https://mail.mozilla.org/listinfo/es5-discuss


More information about the es5-discuss mailing list