Normative: Make Object.prototype an Immutable Prototype Exotic Object

This patch builds a mechanism to fix the Proxy security issue documented in bug #272 by locking down the prototype chain of the global object, as Firefox has experimented with. Although the global object is provided by the embedding environment, many embedding environments will include Object in the prototype chain; preventing modification of Object.prototype addresses the issue by making it impossible to insert a Proxy in that part of the prototype chain of the global object. Embedding environments that want to prohibit a Proxy from being in the proto chain of their global object can make their global object and associated proto chain Immutable Prototype exotic objects. Fixes #308. Fixes #272. This commit includes changes on top of the commit in #308 based on the discussion therein.
tc39 · Feb 4, 2016 · 935dad4 · 935dad4
1 parent 6bf9aab
commit 935dad4
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/spec.html b/spec.html
@@ -8118,6 +8118,22 @@ <h1>ModuleNamespaceCreate (_module_, _exports_)</h1>
         </emu-alg>
       </emu-clause>
     </emu-clause>
+
+    <emu-clause id="sec-immutable-prototype-exotic-objects">
+      <h1>Immutable Prototype Exotic Objects</h1>
+      <p>An <dfn>immutable prototype exotic object</dfn> is an exotic object that has an immutable [[Prototype]] internal slot.</p>
+
+      <emu-clause id="sec-immutable-prototype-exotic-objects-setprototypeof-v">
+        <h1>[[SetPrototypeOf]] (_V_)</h1>
+        <p>When the [[SetPrototypeOf]] internal method of an immutable prototype exotic object _O_ is called with argument _V_ the following steps are taken:</p>
+        <emu-alg>
+          1. Assert: Either Type(_V_) is Object or Type(_V_) is Null.
+          1. Let _current_ be the value of the [[Prototype]] internal slot of _O_.
+          1. If SameValue(_V_, _current_), return *true*.
+          1. Return *false*.
+        </emu-alg>
+      </emu-clause>
+    </emu-clause>
   </emu-clause>
 
   <!-- es6num="9.5" -->
@@ -22738,7 +22754,7 @@ <h1>Object.setPrototypeOf ( _O_, _proto_ )</h1>
     <!-- es6num="19.1.3" -->
     <emu-clause id="sec-properties-of-the-object-prototype-object">
       <h1>Properties of the Object Prototype Object</h1>
-      <p>The Object prototype object is the intrinsic object <dfn>%ObjectPrototype%</dfn>. The Object prototype object is an ordinary object.</p>
+      <p>The Object prototype object is the intrinsic object <dfn>%ObjectPrototype%</dfn>. The Object prototype object is an immutable prototype exotic object.</p>
       <p>The value of the [[Prototype]] internal slot of the Object prototype object is *null* and the initial value of the [[Extensible]] internal slot is *true*.</p>
 
       <!-- es6num="19.1.3.1" -->