Some shims don’t guard against `Object.prototype` modifications #175

mathiasbynens · 2013-12-18T15:27:36Z

Add this to the tests:

Object.prototype[1] = 42; // try to break `arguments[1]`
Object.prototype[2] = 'lol'; // try to break `arguments[2]`

Functions and methods that might have this issue:

The text was updated successfully, but these errors were encountered:

paulmillr · 2013-12-18T17:08:10Z

Is it a real concern or hasOwnProperty usage is in the spec?

mathiasbynens · 2013-12-18T17:35:19Z

The spec for e.g. String#startsWith says:

Step 7. Let pos be ToInteger(position). (If position is undefined, this step produces the value 0).

Luckily, there’s no need to use hasOwnProperty to detect if a secondary argument was passed or not.

I had the same problem with my polyfill. Here’s the fix: mathiasbynens/String.prototype.startsWith@978e0c2

mathiasbynens closed this as completed Dec 18, 2013

mathiasbynens reopened this Dec 18, 2013

ghost assigned ljharb Dec 18, 2013

ljharb mentioned this issue Dec 18, 2013

Always check arguments length before pulling from it #177

Merged

paulmillr closed this as completed in #177 Dec 19, 2013

mathiasbynens mentioned this issue Dec 19, 2013

Modify Object.prototype in the tests #179

Merged

Provide feedback