

Little dunder proto - bpierre
http://blog.lassus.se/2013/10/little-dunder-proto.html

======
NathanKP
__proto__ is an old, deprecated feature of JavaScript. The proper way to get
the prototype of an object is with Object.getPrototypeOf(object) and use
Object.setPrototypeOf(object) to set a prototype.

I'm assuming in this example what the web app is doing is it is using the name
of the child as the key in a object like this:

    
    
        students[studentName] = studentDetails;
    

Since the child's name is __proto__ the web app is setting:

    
    
        students['__proto__'] = studentDetails;
    

Which is the same as:

    
    
        students.__proto__ = studentDetails;
    

Which sets the prototype of the object full of students to the student's
details, and will totally break things.

There is no reason to use a library like stringset.js or stringmap.js with
extra overhead. The proper solution is to never use user supplied strings as
keys in an object. A good key to use in this situation for an object full of
students would be a generated student ID or something like that.

~~~
olov
For many problems, you never need a stringmap (in any language so JS). For a
lot of problems, you do.

Perhaps the administrative software for this school wanted to display the most
popular names in each class, which you'd typically do with a stringmap and
many would mistakenly do with an object. That's the same problem as counting
word frequencies in a sentence.

__proto__ bugs are a real thing, and it affects small and large apps (Google
Apps comes to mind).

~~~
NathanKP
True. Those are both examples of problems where a string map using user
supplied strings as keys would be the best solution to the problem.

