I think we should remove those anti-spoofing "protections". I anticipate a discussion at TC39 next week.
-----Original Message-----
From: es-discuss [mailto:[email protected]] On Behalf Of Nicholas C. Zakas
Sent: Monday, January 19, 2015 17:59
To: es-discuss
Subject: @@toStringTag spoofing for null and undefined

According to 19.1.3.6 Object.prototype.toString() [1], it's possible to do this:

```js
function Foo(){}

Foo.prototype[Symbol.toStringTag] = "Null";

Object.prototype.toString.call(new Foo()); // "[object Null]"
```

It seems like `"Null"` and `"Undefined"` should be added to the step 17(b) list of exceptions to prevent spoofing of null and undefined values using this approach.

I couldn't think of a reason why the current behavior would make sense, but if I'm off base, feel free to correct me. :)

[1]: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-object.prototype.tostring

--
___________________________
Nicholas C. Zakas
http://www.nczonline.net

_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
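Added example, not part of the thread: a comparison of type checks that trust the `Object.prototype.toString` tag with checks that never consult `Symbol.toStringTag`, run against the construction from the message above. It assumes an engine where `toString` applies no exceptions to `@@toStringTag` (the final ES2015 behaviour); the names `tagOf`, `byTag`, `strict`, `spoof`, `audit` and `maskedArray` are made up for this illustration.

```javascript
// Added illustration with constructed inputs. Assumes final ES2015 semantics,
// where Object.prototype.toString applies no exceptions to @@toStringTag.
const tagOf = (v) => Object.prototype.toString.call(v).slice(8, -1);

// Tag-based checks: these trust a string that the value itself controls.
const byTag = {
  Null: (v) => tagOf(v) === "Null",
  Undefined: (v) => tagOf(v) === "Undefined",
  Array: (v) => tagOf(v) === "Array",
  Date: (v) => tagOf(v) === "Date",
};

// Checks that never consult Symbol.toStringTag.
const strict = {
  Null: (v) => v === null,
  Undefined: (v) => v === undefined,
  Array: (v) => Array.isArray(v),
  // Date.prototype.getTime throws a TypeError unless the receiver is a real Date.
  Date: (v) => {
    try { Date.prototype.getTime.call(v); return true; } catch (e) { return false; }
  },
};

// Same construction as in the message above, parameterised by tag.
function spoof(tag) {
  function Foo() {}
  Foo.prototype[Symbol.toStringTag] = tag;
  return new Foo();
}

// For each tag, report what both kinds of check say about a spoofed object.
function audit() {
  return Object.keys(byTag).map((tag) => {
    const v = spoof(tag);
    return { tag, reported: tagOf(v), byTag: byTag[tag](v), strict: strict[tag](v) };
  });
}

// Reverse direction: a genuine array that relabels itself evades the tag check.
function maskedArray() {
  const a = [1, 2, 3];
  a[Symbol.toStringTag] = "Object";
  return { byTag: byTag.Array(a), strict: strict.Array(a) };
}

console.table(audit());
console.log(maskedArray());
```

Code that validates untrusted values (sanitizers, deserializers, sandbox membranes) should rely on the `strict` style of check, since the tag is only a label the object chooses for itself.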

