Hacker News new | comments | show | ask | jobs | submit login
Little dunder proto (lassus.se)
20 points by bpierre 1441 days ago | hide | past | web | 3 comments | favorite



__proto__ is an old, deprecated feature of JavaScript. The proper way to get the prototype of an object is with Object.getPrototypeOf(object) and use Object.setPrototypeOf(object) to set a prototype.

I'm assuming in this example what the web app is doing is it is using the name of the child as the key in a object like this:

    students[studentName] = studentDetails;
Since the child's name is __proto__ the web app is setting:

    students['__proto__'] = studentDetails;
Which is the same as:

    students.__proto__ = studentDetails;
Which sets the prototype of the object full of students to the student's details, and will totally break things.

There is no reason to use a library like stringset.js or stringmap.js with extra overhead. The proper solution is to never use user supplied strings as keys in an object. A good key to use in this situation for an object full of students would be a generated student ID or something like that.


For many problems, you never need a stringmap (in any language so JS). For a lot of problems, you do.

Perhaps the administrative software for this school wanted to display the most popular names in each class, which you'd typically do with a stringmap and many would mistakenly do with an object. That's the same problem as counting word frequencies in a sentence.

__proto__ bugs are a real thing, and it affects small and large apps (Google Apps comes to mind).


True. Those are both examples of problems where a string map using user supplied strings as keys would be the best solution to the problem.




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: