Another de-facto insecurity we need to fix in ES5
erights at gmail.com
Tue Jun 23 18:45:38 PDT 2009
On Tue, Jun 23, 2009 at 2:42 PM, Brendan Eich <brendan at mozilla.org> wrote:
> On Jun 23, 2009, at 1:04 PM, David-Sarah Hopwood wrote:
> In any case, I repeat that there is no reason to distinguish between
>> [[Prototype]] and other internal properties in this respect.
> I agree, FWIW -- I was focused on [[Prototype]] due to the __proto__
> Still, if the intention of the proposed spec language change is to make
> sure implementations treat o.__proto__ as not writable when
> Object.freeze(o), e.g., is called, then calling out [[Prototype]] would
> increase the odds of achieving the intended goal.
Yes. For that reason I favor calling [[Prototype]] out. Iff normative text
elsewhere makes that specific explicitness redundant, then the specific
explicit statement could be a non-normative note. But, as with F.caller, the
implication needs to be normative so that conformance test suites can test
for expected violations.
> Mentioning __proto__ would increase those odds even more,
Mentioning __proto__ in a non-normative note would certainly be fine.
> but it is hard to name that horror without inducing madness (shades of
> Lovecraft ;-)).
Text by me above is hereby placed in the public domain
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es5-discuss