Can Harmony Proxies be used to detect when the prototypes or builtins are being overridden?
If so, you could save the original and provide a new API to fetch the original. On Mar 13, 2013, at 3:01 AM, Jakob Kummerow <[email protected]> wrote: > On Tue, Mar 12, 2013 at 11:56 PM, Benjamin Kalman <[email protected]> wrote: > I'm on the Chrome Extensions team, and we've run into a problem where > extensions override Array.prototype.forEach in a way that breaks our internal > JS. > > A workaround we've done is to write our own forEach method, but this problem > is widespread - extensions also override JSON, document.createElement, etc - > the vector for accidental breakage is as widespread as all of the JS and DOM > libraries. > > Welcome to JavaScript! Have you considered using a language with a sane > specification? > > What is the best way to protect against this in a general way? > > There is none. Being able to monkey-patch everything is a "feature" of the > language. Fun fact: some properties are read-only, so they can be relied > upon. Or can they? > > Math.PI > 3.141592653589793 > > Math.PI = 4 > > Math.PI > 3.141592653589793 > > Math = {PI: 4} > > Math.PI > 4 > > The only safe thing I can think of is to run all our code in a separate > context, but I've been told that creating contexts is an expensive operation. > How expensive? > > Have you tried benchmarking it? If you can't measure it, it's not important. > If you can, you'll have data to help decide whether the difference is a > problem in your use case or not. > > Alternatively, apparently v8 has solved this problem internally by > guaranteeing that it's running the builtin libraries - is/can this be exposed? > > Sorry, no. > You can lobby for an official way to retrieve the original unpatched > implementations to be included in ECMAScript 7. The general problem with > introducing sanity, however, is that you can't break existing code, which > basically means that all the good stuff has to be opt-in, which in turn means > that the original problem doesn't just go away, instead you'll still have to > support it until it slowly dies out, if ever. > > Crazy idea: how about a rule for the Chrome web store that forbids > monkey-patching builtins? :-) > > > Cheers, > Ben. > > -- > -- > v8-users mailing list > [email protected] > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > -- > v8-users mailing list > [email protected] > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- -- v8-users mailing list [email protected] http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
