On Jul 26, 2014, at 6:02 , Peter van der Zee <[email protected]> wrote:
> On Sat, Jul 26, 2014 at 5:43 AM, Axel Rauschmayer <[email protected]> wrote:
>> The only exception that comes to my mind is `{}.hasOwnProperty.call(obj,
>> key)` (which is the only safe way to invoke this method). Would it make
>> sense to provide that as a tool function, e.g. as `Reflect.hasOwn()`?
>
> That would make it unsafe again. Not so much from random people
> polluting the global Object, but certainly unsafe from a security
> perspective.
With “safe”, I only meant w.r.t. overriding (e.g., `obj.hasOwnProperty('foo')`
fails if `obj` has an own property whose name is `'hasOwnProperty'`).
Security-wise, how is `{}.hasOwnProperty.call()` safer than a hypothetical
`Reflect.hasOwn()`?
Axel
--
Dr. Axel Rauschmayer
[email protected]
rauschma.de
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
