Another de-facto insecurity we need to fix in ES5
david-sarah at jacaranda.org
Fri Jun 19 12:21:07 PDT 2009
Allen Wirfs-Brock wrote:
>> -----Original Message-----
>> From: Brendan Eich [mailto:brendan at mozilla.com]
>>> BTW, I haven't yet perceived that we have consensus on putting this
>>> into ES5. My interpretation of Brendan's initial comments on the
>>> matter was that he was opposed to it for ES5. (I'm sure he'll let
>>> us know whether or not that is correct).
>> It's late in the game, but a sentence about [[Prototype]] seems
>> doable. I defer to you on this, since you're Editor and it'll fall
>> upon you to draft the change.
> OK, I'll put it in.
I don't understand -- why just [[Prototype]], and not all internal
properties? Mutating any other internal property (such as [[Get]]
or [[Put]], for instance) would also clearly violate the intent.
The existing draft already precludes any modification of __proto__ after
Object.freeze. That's because __proto__ is an own property. The oversight
is that internal properties are not own properties (I think).
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
More information about the es5-discuss