Hacker News new | past | comments | ask | show | jobs | submit login
Little dunder proto (lassus.se)
20 points by bpierre on Oct 15, 2013 | hide | past | favorite | 3 comments

__proto__ is an old, deprecated feature of JavaScript. The proper way to get the prototype of an object is with Object.getPrototypeOf(object) and use Object.setPrototypeOf(object) to set a prototype.

I'm assuming in this example what the web app is doing is it is using the name of the child as the key in a object like this:

    students[studentName] = studentDetails;
Since the child's name is __proto__ the web app is setting:

    students['__proto__'] = studentDetails;
Which is the same as:

    students.__proto__ = studentDetails;
Which sets the prototype of the object full of students to the student's details, and will totally break things.

There is no reason to use a library like stringset.js or stringmap.js with extra overhead. The proper solution is to never use user supplied strings as keys in an object. A good key to use in this situation for an object full of students would be a generated student ID or something like that.

For many problems, you never need a stringmap (in any language so JS). For a lot of problems, you do.

Perhaps the administrative software for this school wanted to display the most popular names in each class, which you'd typically do with a stringmap and many would mistakenly do with an object. That's the same problem as counting word frequencies in a sentence.

__proto__ bugs are a real thing, and it affects small and large apps (Google Apps comes to mind).

True. Those are both examples of problems where a string map using user supplied strings as keys would be the best solution to the problem.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact