Le 14 sept. 2014 à 01:58, Mark S. Miller <[email protected]> a écrit :
> +1
>
> Adding string-named properties to Object.prototype will create all sorts of
> hazards. The only way to avoid such hazards is not to do that. We do not need
> to pervert other APIs to make this fatally bad practice slightly less fatal.
>
> If you want to actually defend against such hazards rather than blindly
> trusting all you code not to add properties to Object.prototype, do
>
> Object.preventExtensions(Object.prototype);
>
> However, this will also prevent the addition of symbol-named properties,
> which are still problematic but much less so.
>
Yes, and it would be nice to have more fine-grained methods than
Object.preventExtensions. For example:
Object.forbidProperties(Object.prototype, ['value', 'writable', 'get',
'set', 'configurable', 'enumerable'])
Object.forbidNumericalProperties(Array.prototype)
This could be experimented with proxies... although it will be easy to
circumvent the proxy by using `Object.getPrototypeOf({})` instead of
`Object.prototype`, unless we monkey-patch `Object.getPrototypeOf`,
`Object.prototype.__proto__`, `Reflect.getPrototypeOf`...
―Claude
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
