Prototype adds methods to Array.prototype. It doesn't override the Array() function itself (which is a theoretical attack vector for a JSON exploit). Permissive JS environments allow anyone to redefine any function, even constructors for basic data types — but Firefox 3 will no longer allow redefinition of those constructors.
This doesn't affect Prototype at all. Also, it should be noted that the class system proposed for JS2/ES4 will likely harden all "native" functions in a similar manner. (Classes themselves are immutable, but still have prototypes behind them, so that you can add new things but not redefine what already exists.) Cheers, Andrew On May 29, 4:45 pm, Marty Hall <[EMAIL PROTECTED]> wrote: > According > tohttp://ejohn.org/blog/re-securing-json/andhttp://www.mozilla.com/en-US/firefox/3.0rc1/releasenotes/#whatsnew, > Firefox 3 will prohibit changes to global objects like Array. Does > this mean that Prototype and Scriptaculous will not work in Firefox 3? > Or did I misunderstand the new Firefox 3 security rules? > > Cheers- > > - Marty --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
