domenic at domenicdenicola.com (2014-08-04T23:38:44.742Z)
With “safe”, I only meant w.r.t. overriding (e.g., `obj.hasOwnProperty('foo')` fails if `obj` has an own property whose name is `'hasOwnProperty'`).
Security-wise, how is `{}.hasOwnProperty.call()` safer than a hypothetical `Reflect.hasOwn()`?
On Jul 26, 2014, at 6:02 , Peter van der Zee <ecma at qfox.nl> wrote: > On Sat, Jul 26, 2014 at 5:43 AM, Axel Rauschmayer <axel at rauschma.de> wrote: >> The only exception that comes to my mind is `{}.hasOwnProperty.call(obj, >> key)` (which is the only safe way to invoke this method). Would it make >> sense to provide that as a tool function, e.g. as `Reflect.hasOwn()`? > > That would make it unsafe again. Not so much from random people > polluting the global Object, but certainly unsafe from a security > perspective. With “safe”, I only meant w.r.t. overriding (e.g., `obj.hasOwnProperty('foo')` fails if `obj` has an own property whose name is `'hasOwnProperty'`). Security-wise, how is `{}.hasOwnProperty.call()` safer than a hypothetical `Reflect.hasOwn()`? Axel -- Dr. Axel Rauschmayer axel at rauschma.de rauschma.de -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140726/c5b4b62a/attachment.html>