Prototype Object on Classes

# Yehuda Katz (18 years ago)

I couldn't quite determine this from the white-paper:

If I define a class using the new class constructs, and do not make it dynamic, will I still be able to add new properties to the prototype object? If so, doesn't that provide a simple way to end-run around the entire lock-down that the new classical model provides?

# Lars T Hansen (18 years ago)

On 10/29/07, Yehuda Katz <wycats at gmail.com> wrote:

> I couldn't quite determine this from the white-paper:
>
> If I define a class using the new class constructs, and do not make it dynamic, will I still be able to add new properties to the prototype object?

Yes.

> If so, doesn't that provide a simple way to end-run around the entire lock-down that the new classical model provides?

Depends on your point of view. (My view is that non-dynamic objects are more useful to catch mistakes than to provide security.)

You still can't:

  • add properties to the object itself, since it's not dynamic -- you get a run-time error
  • overwrite methods defined directly in the class (they're ReadOnly/DontDelete)

Two more facts are relevant:

  • Strict mode will report as illegal references to properties not defined in the class, if you've made the type of the object known through an annotation.
  • When you define a class you get a prototype object that's basically empty, but whose [[Prototype]] is Object.prototype, so there are a couple of public properties there (toString etc). You can add properties to your class's prototype object, or objects anywhere on the prototype chain, but basically anything defined in the class or any of its base classes takes precedence over the properties in the prototype chain during lookup.

I now realize a couple of these details were not mentioned in the paper but should have been.
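
A present-day JavaScript analogy of the points in this reply, added here as an illustration and not code from the thread or from the ES4 proposal: a non-extensible object with a non-writable, non-configurable own method stands in for a non-dynamic class instance. The names `demo`, `errorName`, `extra` and `more` are assumptions, and the snippet models only the statements above, not any behaviour of the draft that the thread leaves open.

```javascript
// Present-day JavaScript analogy, not ES4 draft syntax; all names are hypothetical.
function errorName(fn) {
  try { fn(); return null; } catch (e) { return e.name; }
}

function demo() {
  "use strict"; // failed writes throw instead of being silently ignored
  function Foo() {}
  const x = Object.create(Foo.prototype);
  // Stand-in for a method defined in the class (ReadOnly/DontDelete).
  Object.defineProperty(x, "bar", {
    value: () => "class bar",
    writable: false,
    configurable: false,
  });
  // Stand-in for a non-dynamic instance: no new own properties.
  Object.preventExtensions(x);

  const r = {};
  r.addToInstance = errorName(() => { x.extra = 1; });
  r.overwriteMethod = errorName(() => { x.bar = () => "replaced"; });
  r.deleteMethod = errorName(() => { delete x.bar; });

  // The prototype object is still open to additions.
  Foo.prototype.extra = "from prototype";
  Foo.prototype.bar = () => "prototype bar";
  r.extraLookup = x.extra;   // found on the prototype chain
  r.barLookup = x.bar();     // the object's own definition wins
  r.inheritsToString = x.toString === Object.prototype.toString;

  // Freezing the prototype is what closes the remaining gap.
  Object.freeze(Foo.prototype);
  r.addAfterFreeze = errorName(() => { Foo.prototype.more = 1; });
  return r;
}

console.log(demo());
```

The instance-level restrictions catch accidental writes, while the prototype stays writable until it is frozen explicitly, which matches the "catch mistakes rather than provide security" framing in the reply.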

# Yehuda Katz (18 years ago)

On 10/29/07, Lars T Hansen <lth at acm.org> wrote:

> On 10/29/07, Yehuda Katz <wycats at gmail.com> wrote:
>
> > I couldn't quite determine this from the white-paper:
> >
> > If I define a class using the new class constructs, and do not make it dynamic, will I still be able to add new properties to the prototype object?
>
> Yes.
>
> > If so, doesn't that provide a simple way to end-run around the entire lock-down that the new classical model provides?
>
> Depends on your point of view. (My view is that non-dynamic objects are more useful to catch mistakes than to provide security.)
>
> You still can't:
>
>   • add properties to the object itself, since it's not dynamic -- you get a run-time error
>   • overwrite methods defined directly in the class (they're ReadOnly/DontDelete)

Even via the Prototype object? So this will fail?

    class Foo { function bar() { } }
    Foo.prototype.bar = function() { } #=> throw Error

> Two more facts are relevant:
>
>   • Strict mode will report as illegal references to properties not defined in the class, if you've made the type of the object known through an annotation.

So this will fail?

    class Foo { }
    Foo.prototype.bar = 1;
    var x:Foo = new Foo;
    y = x.bar; #=> throw Error

But this won't?

    class Foo { }
    Foo.prototype.bar = 1
    var x = new Foo;
    y = x.bar #=> 1

>   • When you define a class you get a prototype object that's basically empty, but whose [[Prototype]] is Object.prototype, so there are a couple of public properties there (toString etc). You can add properties to your class's prototype object, or objects anywhere on the prototype chain, but basically anything defined in the class or any of its base classes takes precedence over the properties in the prototype chain during lookup.

So the prototype object doesn't contain methods defined in a class?

    class Foo { function bar() { } }
    Foo.prototype.bar #=> undefined

    Foo.prototype.toString #=> Object.prototype.toString()

> I now realize a couple of these details were not mentioned in the paper but should have been.

Perhaps ;)