Axel Rauschmayer (2014-07-26T04:13:04.000Z)
On Jul 26, 2014, at 6:02 , Peter van der Zee <ecma at qfox.nl> wrote:

> On Sat, Jul 26, 2014 at 5:43 AM, Axel Rauschmayer <axel at rauschma.de> wrote:
>> The only exception that comes to my mind is `{}.hasOwnProperty.call(obj,
>> key)` (which is the only safe way to invoke this method). Would it make
>> sense to provide that as a tool function, e.g. as `Reflect.hasOwn()`?
> 
> That would make it unsafe again. Not so much from random people
> polluting the global Object, but certainly unsafe from a security
> perspective.

With “safe”, I only meant w.r.t. overriding (e.g., `obj.hasOwnProperty('foo')` fails if `obj` has an own property whose name is `'hasOwnProperty'`).

Security-wise, how is `{}.hasOwnProperty.call()` safer than a hypothetical `Reflect.hasOwn()`?

Axel

-- 
Dr. Axel Rauschmayer
axel at rauschma.de
rauschma.de



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140726/c5b4b62a/attachment.html>
domenic at domenicdenicola.com (2014-08-04T23:38:44.742Z)
With “safe”, I only meant w.r.t. overriding (e.g., `obj.hasOwnProperty('foo')` fails if `obj` has an own property whose name is `'hasOwnProperty'`).

Security-wise, how is `{}.hasOwnProperty.call()` safer than a hypothetical `Reflect.hasOwn()`?