On Feb 19, 2015, at 9:23 AM, David Bruant bruan...@gmail.com wrote:
Hi,
Half a million times the following meta-exchange happened on es-discuss:
- if an attacker modifies Object.prototype, then you're doomed in all sorts
of ways
- Don't let anyone modify it. Just do
this, and the fact descriptors suffer inheritance which for 3 boolean
properties or a method are absolutely not helpful and make the env doomed by
`Object.prototype.writable = true` shenanigans.
Umm, those solutions are in opposition. If you seal-freeze-scotch-tape
Object.prototype up,
On Thu, Feb 19, 2015 at 10:14 AM, Andrea Giammarchi
andrea.giammar...@gmail.com wrote:
uhm ... have I forgotten a `delete` or should I have set `{value:
Object.prototype[name],
writable: false, configurable: false}` instead ? (enumerable should be
preserved as false too)
Either would
uhm ... have I forgotten a `delete` or should I have set `{value:
Object.prototype[name],
writable: false, configurable: false}` instead ? (enumerable should be
preserved as false too)
Yep, actually you got me there, this is a light side effect since usually
nobody redefines the
Yeah, beside the fact whenever you freeze something, and you create a
module, or a library, or whatever, you don't know what you are freezing up.
Since priority is arbitrary, if script A sets stuff before script B then
you are done.
Also, I use Object.prototype without causing any sort of
Hi,
Half a million times the following meta-exchange happened on es-discuss:
- if an attacker modifies Object.prototype, then you're doomed in all
sorts of ways
- Don't let anyone modify it. Just do Object.freeze(Object.prototype)!
I've done it on client-side projects with reasonable success.
On Thu, Feb 19, 2015 at 9:23 AM, David Bruant bruan...@gmail.com wrote:
Hi,
Half a million times the following meta-exchange happened on es-discuss:
- if an attacker modifies Object.prototype, then you're doomed in all
sorts of ways
- Don't let anyone modify it. Just do
this, and the fact descriptors suffer inheritance which for 3 boolean
properties or a method are absolutely not helpful and make the env doomed
by `Object.prototype.writable = true` shenanigans.
Yes, I'd personally +1 all these fixes that made these ES5 features not the
easiest one to play with
On Thu, Feb 19, 2015 at 9:54 AM, Andrea Giammarchi
andrea.giammar...@gmail.com wrote:
Just as workaround, if you really need that much to freeze the
`Object.prototype`, you could:
```js
Object
.getOwnPropertyNames(Object.prototype)
.filter((name) =
9 matches
Mail list logo
