Thinking of "Object.create(null)" as fairly safe, I was quite surprised by
your examples, especially as i could only reproduce them in node, not in
browsers. Further testing indicates these are already fixed in current v8
versions (see below).
Still, good to know what one might run into using not-old node versions.
Claus
$ cat tst/hash-proto-null.html
// <script>
var t = Object.create(null);
var key = "__proto__";
t[key] = 27;
console.log( t[key] );
var t = Object.create(null);
t["__proto__"] = {standard: "yes and no"};
console.log( t.standard, t.__proto__ );
// </script>
$ node tst/hash-proto-null.html
null
yes and no { standard: 'yes and no' }
$ node-v0.11.4/node.exe tst/hash-proto-null.html
27
undefined { standard: 'yes and no' }
$ node -p 'process.versions'
{ http_parser: '1.0',
node: '0.10.10',
v8: '3.14.5.9',
ares: '1.9.0-DEV',
uv: '0.10.10',
zlib: '1.2.3',
modules: '11',
openssl: '1.0.1e' }
$ node-v0.11.4/node.exe -p 'process.versions'
{ http_parser: '1.0',
node: '0.11.4',
v8: '3.20.2',
ares: '1.10.0-DEV',
uv: '0.11.5',
zlib: '1.2.3',
modules: '0x000C',
openssl: '1.0.1e' }
"Jorge Chamorro" wrote:
On 20/09/2013, at 15:40, mks wrote:
{} is not an hash table. Object.create(null) is more likely
That, *and* kill the __proto__, if not:
hash= Object.create(null);
key= '__proto__';
hash[key]= 27;
hash[key]
null //What?
Or worse:
hash[key]= this;
'require' in hash
true //What?
'console' in hash
true //What?
'Array' in hash
true //What?
etc.
--
( Jorge )();
--
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
