Node.js is javascript, if you remove __proto__ then it's not javascript.
That being said, sorry but imo Domenic's dict module is based on a poor
design. The "in" operator is fucking-terrible-uber-extremly slow thing
compared with a comparison with undefined:
var o = {}
"a" in o; //slow and dangerous as the dict module says
o.a === undefined; //Fast and safe, o.__proto__ === undefined -> false
speedy
test<https://github.com/gagle/node-speedy/blob/master/examples/in-object.js>
File: in-object.js
Node v0.10.18
V8 v3.14.5.9
Speedy v0.0.8
Benchmarks: 2
Timeout: 1000ms (1s 0ms)
Samples: 3
Total time per benchmark: ~3000ms (3s 0ms)
Total time: ~6000ms (6s 0ms)
Higher is better (ops/sec)
in
16,279,539 ± 0.0%
undefined
151,203,277 ± 0.0%
Elapsed time: 6053ms (6s 53ms)
El jueves, 19 de septiembre de 2013 21:35:59 UTC+2, Andrew Kelley escribió:
>
> I'm sure this has been discussed before but I don't know where.
>
> Here are some facts:
>
> 1. Putting user data (and other kinds of data if you're not careful)
> inside an object is a huge security problem. Domenic explains this quite
> well in the readme of his dict module: https://github.com/domenic/dict
> 2. Object.getPrototypeOf() is available as a perfect substitution for
> __proto__. It does exactly what you want, without the security risk.
> 3. Developers *will* use __proto__ if it is available, and they *will* put
> user data in objects.
>
> Here is an opinion:
>
> DELETE IT FOREVER!!
>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
