Another de-facto insecurity we need to fix in ES5

Brendan Eich brendan at mozilla.org
Tue Jun 23 14:42:45 PDT 2009


On Jun 23, 2009, at 1:04 PM, David-Sarah Hopwood wrote:

> In any case, I repeat that there is no reason to distinguish between
> [[Prototype]] and other internal properties in this respect.

I agree, FWIW -- I was focused on [[Prototype]] due to the __proto__  
concern.

Still, if the intention of the proposed spec language change is to  
make sure implementations treat o.__proto__ as not writable when  
Object.freeze(o), e.g., is called, then calling out [[Prototype]]  
would increase the odds of achieving the intended goal.

Mentioning __proto__ would increase those odds even more, but it is  
hard to name that horror without inducing madness (shades of  
Lovecraft ;-)).

/be


More information about the es5-discuss mailing list