Reputation: 13713
Properties of objects in JavaScript
Can I safely assume that in any implementation of JavaScript,
1.) for any object generated by the var obj = { ... }; construct, obj[s] is undefined for any string s unless obj[s] has been explicitly set by my own code?
2.) if typeof obj === 'object' (and obj does not stem from some global, pre-defined variable or function in the global namespace), Object.hasOwnProperty(obj, s) is false for any string s except when I have set property s explicity before or, maybe, when Array.isArray(obj) is true?
In short: Can I assume that user-generated objects that are neither arrays nor of function type do not have pre-defined own properties?
Background: I need to write an interpreter for a very tiny subset of JavaScript that should safely execute user code. I would like to leverage on the optimization capabilities of the JavaScript engine. Hence I am planning to (1.) parse the user's code, (2.) re-write the AST such that (a) no global names can be accessed, (b) property access is restricted by a construct like ((typeof obj === 'object') && Object.hasOwnProperty(obj, s)) ? obj[s] : undefined, (3.) eval the re-written code. For this to work, it is necessary for the objects not to have predefined properties like, e.g., (function () {}).caller, as otherwise the user could make my interpreter to execute arbitrary code or mess with the global objects of my environment in general.
Does, maybe, anybody know of a package where something like this has been done already? My requirements are not high: I need to execute user code, the user needs to work with numbers, strings, arrays, objects, and functions, and I need to exchange these things with the user code.
Edit: First assumption is wrong, see answers.
Upvotes: 0
Views: 64
Answers (1)
Reputation: 780889
You can't assume #1. obj[s] will access inherited properties, not just own properties.
var obj = {a: 1, b: 2}
console.log(obj["__proto__"] === undefined);
console.log(obj["toString"] === undefined);I think #2 is a safe assumption. The whole point of hasOwnProperty() is to distinguish inherited properties from properties that were assigned explicitly in the object.
Upvotes: 3
Related Questions
- javascript eval and object evaluation
- How to avoid eval when accessing object properties?
- Understanding object literals
- Javascript: How to return or parse an object literal with eval?
- Eval Method of object
- Javascript - eval object creation?
- How to use String representation of object property, operator, and value?
- Javascript Object investigation
- JavaScript acrobatics: How to assign an object literal to an eval-uated property?
- Properties of JavaScript objects