The text “__proto__” can break a webapp
[2012-11-06] esnext, dev, javascript, __proto__, jslang
(Ad, please don’t block)
[This post is part of a series on the special property __proto__]
The text “__proto__” can still break webapps if it appears somewhere in the content, as I was reminded of today, via Domenic Denicola and Peter van der Zee.
The breakage
The following webapps are susceptible to “__proto__”-induced breakage:- The classic – Google Docs: For a while, if you typed in “__proto__” at the beginning of a document in Google Docs then it would hang.
- Current – Twitter: If you click on @__proto__ in a tweet then the profile summary that comes up only has a title bar, but no content. You also get “slow script” dialogs in Firefox. You can try it out in this tweet.
Why?
__proto__ is a special property of JavaScript objects [1]. Therefore, if you use an object as a map from strings to values, you must not use the string "__proto__" as a key. That is one of several things that you have to watch out for when using objects this way [2].__proto__ is only supported in some browsers, things only break if it is supported. Thus, Firefox exhibits these problems, but Internet Explorer 9 does not. However, __proto__ will become part of ECMAScript 6 [1] which means that all browsers will eventually support it.
References
JavaScript for impatient programmers
Book (free online), exercises, quizzes
Book (free online), exercises, quizzes
Deep JavaScript
Book (free online)
Book (free online)
Tackling TypeScript
Book (free online)
Book (free online)
Node.js shell scripting
Book (free online)
Book (free online)
ECMAScript News
Newsletter (free)
Newsletter (free)