#1446 — 15.3.4.7: writable+configurable Function.prototype[@@hasInstance] can reveal [[BoundTarget]]

bug_id: 1446
creation_ts: 2013-04-19 02:12:00 -0700
short_desc: 15.3.4.7: writable+configurable Function.prototype[@@hasInstance] can reveal [[BoundTarget]]
delta_ts: 2013-05-14 18:13:01 -0700
product: Draft for 6th Edition
component: technical issue
version: Rev 14: March 8, 2013 Draft
rep_platform: All
op_sys: All
bug_status: RESOLVED
resolution: FIXED
priority: Normal
bug_severity: normal
everconfirmed: true
reporter: André Bargull
assigned_to: Allen Wirfs-Brock

commentid: 3647
comment_count: 0
who: André Bargull
bug_when: 2013-04-19 02:12:31 -0700

Function.prototype[@@hasInstance] is currently writable+configurable, re-defining Function.prototype[@@hasInstance] thus makes it possible to reveal the [[BoundTarget]] internal data property of bound functions.

Simple example using `Intl.Collator.prototype.compare` which returns a bound function, the internal "compare" function should not be revealed to the user.

> js> oldHasInstance = Function.prototype[getSym("@@hasInstance")]
> function @@hasInstance() { /* native code */ }
> js> Function.prototype[getSym("@@hasInstance")] = function(v){ print("@@hasInstance: "+this); return oldHasInstance.call(this, v) }
> function(v){ print("@@hasInstance: "+this); return oldHasInstance.call(this, v) }
> js> [] instanceof Intl.Collator.prototype.compare
> @@hasInstance: function BoundFunction() { /* native code */ }
> @@hasInstance: function compare() { /* native code */ }

commentid: 3658
comment_count: 1
who: Allen Wirfs-Brock
bug_when: 2013-04-19 13:58:03 -0700

Ok, I'll make Function.prototype[@@hasInstance]] non-writable and non-configurable.

fixed in rev 15 editor's draft

commentid: 3866
comment_count: 2
who: Allen Wirfs-Brock
bug_when: 2013-05-14 18:13:01 -0700

resolved in rev 15, May 14, 2013 draft

archives

#1446 — 15.3.4.7: writable+configurable Function.prototype[@@hasInstance] can reveal [[BoundTarget]]