Use nullary objects #58

Merged
merged 1 commit into from Apr 26, 2013

Projects

None yet

3 participants

@eivindfjeldstad
Contributor

Don't allow Object prototype to be modified. Test will fail in IE < 9

@tj tj merged commit 8d2276f into tj:master Apr 26, 2013

1 check passed

default The Travis build passed
Details
@wavded
wavded commented May 2, 2013

nullary objects also remove toString() and valueOf() which means you can't compare values with ==

var object = Object.create(null)
object == 'thingy'
TypeError: Cannot convert object to primitive value

=== will work but i imagine having no Object.prototype anymore is causing issues for others (like in the reference above)

/cc @visionmedia

@tj
Owner
tj commented May 2, 2013

yarg :( silly javascript

@eivindfjeldstad
Contributor

An alternative could be to keep a blacklist of properties. Or even attatch the proto after the fact. Like

var obj = Object.create(null);
// parse querystring
obj.__proto__ = {}

Might be bad for performance though

@wavded
wavded commented May 2, 2013

if I may inquire, what was the rationale for using nullary objects?

Object.create(null) is significantly slower than {}, not sure how hot this code path is in this case though:

http://jsperf.com/object-create-proto-after

@tj
Owner
tj commented May 2, 2013

__proto__ is plenty fast enough if we want to go that route, plus @wavded it's definitely much slower but at several million ops/s that doesn't matter

@wavded
wavded commented May 2, 2013

yeah fair enough, i'm cool with __proto__

@eivindfjeldstad
Contributor

I have a feeling this is going to come up again and again. As long as Object.prototype is safe, I'm happy.

@wavded
wavded commented May 2, 2013

Yeah I agree

@tj
Owner
tj commented May 3, 2013

0.6.3 has the fix

@simov simov referenced this pull request in senchalabs/connect Nov 5, 2013
Closed

BUG in bodyParser #953

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment