I'm assuming in this example what the web app is doing is it is using the name of the child as the key in a object like this:
students[studentName] = studentDetails;
students['__proto__'] = studentDetails;
students.__proto__ = studentDetails;
There is no reason to use a library like stringset.js or stringmap.js with extra overhead. The proper solution is to never use user supplied strings as keys in an object. A good key to use in this situation for an object full of students would be a generated student ID or something like that.
Perhaps the administrative software for this school wanted to display the most popular names in each class, which you'd typically do with a stringmap and many would mistakenly do with an object. That's the same problem as counting word frequencies in a sentence.
__proto__ bugs are a real thing, and it affects small and large apps (Google Apps comes to mind).