I'm not here to say it would be a bad thing but it might be hard to delete __proto__ for 2 reasons: 1. it is part of the V8 engine 2. it is planned to be standardized in ECMAScript 6
some want to have it unavailable in "strict mode"... will see for sure, since ECMAScript 5, we'd better use getPrototypeOf() but such good practice will probably have to be enforced by Lint tools instead of having __proto__ removed Le jeudi 19 septembre 2013 21:35:59 UTC+2, Andrew Kelley a écrit : > > I'm sure this has been discussed before but I don't know where. > > Here are some facts: > > 1. Putting user data (and other kinds of data if you're not careful) > inside an object is a huge security problem. Domenic explains this quite > well in the readme of his dict module: https://github.com/domenic/dict > 2. Object.getPrototypeOf() is available as a perfect substitution for > __proto__. It does exactly what you want, without the security risk. > 3. Developers *will* use __proto__ if it is available, and they *will* put > user data in objects. > > Here is an opinion: > > DELETE IT FOREVER!! > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
