Another de-facto insecurity we need to fix in ES5

Brendan Eich brendan at mozilla.org
Fri Jun 19 16:19:22 PDT 2009


On Jun 19, 2009, at 3:57 PM, Allen Wirfs-Brock wrote:

>> -----Original Message-----
>> From: es5-discuss-bounces at mozilla.org [mailto:es5-discuss-
>> bounces at mozilla.org] On Behalf Of David-Sarah Hopwood
>>
>> The existing draft already precludes any modification of __proto__  
>> after
>> Object.freeze. That's because __proto__ is an own property.
>
> In whose implementation?  How do you know that somebody's hasn't  
> implemented __proto__ as a getter property that is inherited from  
> Object.prototype?

Indeed __proto__ is implemented in SpiderMonkey as a getter/setter  
pair defined on Object.prototype, using a combination of attributes  
("shared" + permanent AKA DontDelete) which make it appear that the  
property is own, even though it is not for any object other than  
Object.prototype.

We use this for other properties, e.g. the length property of function  
objects:

js> function f(a,b,c){}
js> f.length
3
js> f.hasOwnProperty('length')
true
js> delete f.length
false

Nothing above involved creating an own 'length' property in f.


> The spec. can't really make assumptions about things that are not  
> part of the spec.

Agreed.


>
>> The oversight is that internal properties are not own properties (I  
>> think).
>
> "internal properties" are neither own nor inherited properties.   
> They are simply a specification mechanism that is used to define  
> various aspects of the semantics of objects.  You can't assume that  
> any of the semantics of named properties apply to internal  
> properties.  Neither am I willing to conceded that no conceivable  
> addition to the language will ever require the modeling of some non- 
> property semantic state whose mutability isn't linked to the state  
> of [[Extensible]].  For example, I can image various object  
> finalization mechanisms that might require new per object state to  
> specify.

Agreed emphatically. The spec's internal methods are abstractions.  
They should not be treated as concretely as "own" properties, at least  
not without a lot more thought and care. This ties into catchalls and  
Waldemar's objection about catchalls climbing the meta ladder.

/be


More information about the es5-discuss mailing list