On Feb 12, 2012, at 11:28 AM, Brendan Eich wrote: > Heh, I knew that was coming. I'll amend to say "of long standing" after > "implementations" :-P. > > I still have a gut feeling that someone is going to take advantage of the > setter for bad purposes that will be harder to block than would be the case > if __proto__ reflected as a data property. But I can't prove this.
I'm not sure about this -- the JSC+V8 model for __proto__ was a magic property on the object itself, not the prototype, so anything that could access an object could mutate its prototype. Pushing the property onto the prototype doesn't add any more restrictions over that (if you can access an object, by definition you can access its prototype). If you pull the setter function off of the prototype you can still only apply it to objects you could already access. --Oliver > > /be > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss _______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
