var x = Object.create(null); x[hello] = world; But can I allow unverified user input

Question

0

Asked: June 6, 20262026-06-06T23:34:36+00:00 2026-06-06T23:34:36+00:00

var x = Object.create(null); x[hello] = world; But can I allow unverified user input

0

var x = Object.create(null);
x["hello"] = "world";

But can I allow unverified user input as keys? I want to use it as player name -> player object map. Player names will only be constrained by length of 32. I’m worried if there are special property keys that would allow players to gain control of the server.

EDIT: I’m not making web server. JavaScript will be ran server-side via SpiderMonkey embedded into the game server. If someone hijacks the JavaScript running there, they could ruin the game.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T23:34:39+00:00

Editorial Team

2026-06-06T23:34:39+00:00Added an answer on June 6, 2026 at 11:34 pm

In one word: no, just remember the Google Docs __proto__ fail

You should use a Hash-like class, or at least access these keys prefixed:

var hash = {}, key = "something-evil", value = Math.PI;
hash["$" + key] = value;
console.log( hash["$" + key] == value );

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

var x = Object.create(null); x[hello] = world; But can I allow unverified user input

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply