> However, let's get back to (a) coffee :-); (b) ES6 and the ability to delete 
> Object.prototype.__proto__.
> 
> You don't want that to affect object literals evaluated in the same realm 
> after such a deletion. Why not?

[Sorry for cutting in, but this is the core point of my confusion.]

I’d argue: delete Object.prototype.__proto__ is a measure to disable operations 
for untrusted code that pose a security risk.

==> FORBID mutating [[Prototype]]:
        foo.__proto__ = ...   // set (1)

==> ALLOW:
        { __proto__: ... }   // (2)
        foo.__proto__   // get (3)

I’d allow the latter two in order not to break untrusted code that uses 
operations that are already possible in standard ES5 (Object.create() and 
Object.getPrototypeOf). AFAICT, these two operations pose no security risk.

Additionally, (1) and (3) should be disabled in a dict setting 
(Object.prototype not in prototype chain). Previously, I referred to the wrong 
numbers here.

Axel

-- 
Dr. Axel Rauschmayer
[email protected]

home: rauschma.de
twitter: twitter.com/rauschma
blog: 2ality.com

_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
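
The three operations numbered in the message above, probed in a current ES2015+ engine. This is an added example, not code from the thread; the function name `probeProtoAfterDelete` and the sample objects are constructed for illustration. It shows what engines ended up shipping (`__proto__` as a configurable accessor on `Object.prototype`, with the literal form handled as syntax), which is not necessarily what any participant proposed.

```javascript
// Added example: observe which __proto__ operations survive
// `delete Object.prototype.__proto__` in an ES2015+ engine.
function probeProtoAfterDelete() {
  // Save the accessor so the realm can be restored after the probe.
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  const parent = { marker: "parent" }; // constructed sample prototype
  const result = {};
  try {
    delete Object.prototype.__proto__;

    // (1) set: with the accessor gone this is an ordinary assignment that
    // creates an own data property; [[Prototype]] is not mutated.
    const foo = {};
    foo.__proto__ = parent;
    result.setMutatesPrototype = Object.getPrototypeOf(foo) === parent;
    result.setCreatesOwnProperty =
      Object.prototype.hasOwnProperty.call(foo, "__proto__");

    // (2) literal: `__proto__:` in an object literal is syntax, not a
    // property lookup, so it still sets [[Prototype]] at creation time.
    const lit = { __proto__: parent };
    result.literalSetsPrototype = Object.getPrototypeOf(lit) === parent;

    // (3) get: getter and setter live on the same accessor property,
    // so deleting it removes the read path as well.
    result.getReturnsPrototype = ({}).__proto__ === Object.prototype;

    // The ES5 operations named in the message are unaffected.
    result.es5StillWorks =
      Object.getPrototypeOf(Object.create(parent)) === parent;

    // Dict object (Object.prototype not in the chain): `__proto__` is
    // just a key, so untrusted key names cannot reach [[Prototype]].
    const dict = Object.create(null);
    dict.__proto__ = parent;
    result.dictPrototypeUntouched = Object.getPrototypeOf(dict) === null;
  } finally {
    if (saved) Object.defineProperty(Object.prototype, "__proto__", saved);
  }
  return result;
}

console.log(probeProtoAfterDelete());
```

Code that needs to read a prototype after the deletion has to use `Object.getPrototypeOf`, since the getter is removed together with the setter.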