Re: A case for removing the seal/freeze/isSealed/isFrozen traps

Mon, 18 Feb 2013 14:56:10 -0800 

On Mon, Feb 18, 2013 at 2:27 PM, Nathan Wall <nathan.w...@live.com> wrote:

> Claus Reinke wrote:
> > Careful there, you're not done!-) With nodejs, adding the following
> >
> > var table = makeTable();
> > table.add(1);
> > table.add(2);
> > table.add(3);
> >
> > var secret;
> > Object.defineProperty(Array.prototype,42,{get:function(){ secret =
> this;}});
> >
> > table.get(42);
> > console.log(secret);
> > secret[5] = "me, too!";
> >
> > console.log( table.get(5) );
> >
> > to your code prints
> >
> > $ node integrity.js
> > [ 1, 2, 3 ]
> > me, too!
> >
> > Couldn't resist,
> > Claus
> >
>
> Nice! This is not something I had considered. Aside from freezing
> Array.prototype, I can only really think of one solution: not use an array.
>
>     var create = Object.create,
>         freeze = Object.freeze,
>         push = Function.prototype.call.bind(Array.prototype.push);
>     function makeTable() {
>       var array = create(null);
>       return freeze({
>         add: function(v) { push(array, v); },
>         store: function(i, v) { array[i >>> 0] = v; },
>

In all seriousness, I suggest
    array[+i] = v;
rather than
    array[i >>> 0] = v;
because the latter is too verbose to become a habit. I recommend this even
though I agree that the more verbose one has the better semantics.



>         get: function(i) { return array[i >>> 0]; }
>       });
>     }
>
> I suppose the array isn't really needed since we're not using methods
> inherited from Array.prototype. Downside: Browsers won't know to optimize
> the object as an array.
>
> (Side note: Mark's original post was in the context of frozen
> Array.prototype on non-compliant implementations which allow writing to
> inherited non-writable properties. I find this a fun exercise without
> frozen Array.prototype, though.)
>

Note that Jorge's attack at
https://mail.mozilla.org/pipermail/es-discuss/2011-November/017979.htmlworks
even on compliant browsers.



>
> Nathan
> _______________________________________________
> es-discuss mailing list
> es-discuss@mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>



-- 
    Cheers,
    --MarkM

_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss

Reply via email to