W3C home > Mailing lists > Public > public-web-security@w3.org > February 2011

Re: defineProperty is a blacklist

From: Daniel Veditz <dveditz@mozilla.com>
Date: Wed, 16 Feb 2011 11:04:51 -0800
Message-ID: <4D5C1FD3.5020407@mozilla.com>
To: gaz Heyes <gazheyes@gmail.com>
CC: public-web-security@w3.org
On 2/13/11 12:57 PM, gaz Heyes wrote:
> I'd like to emphasize my point made at the OWASP summit,
> defineProperty rocks and the ES5 specification was created by the
> hands of js gods but for all it's brilliance defineProperty is still
> a blacklist. We need the ability to somehow create a whitelist of
> allowed properties and the ability to apply a property descriptor to
> any properties that do not conform to this whitelist.

Is Object.preventExtensions what you want?

https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/Object/preventExtensions

Take a look at Object.seal and Object.freeze as well.

-Dan Veditz
Received on Wednesday, 16 February 2011 19:06:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 16 February 2011 19:06:11 GMT