Prototype constructor override

Possibility to rewire strings or arrays constructor in the prototype, so I could control the object created by []

class Arr {
constructor(dim, arr) {
console.log(dim, arr)
let i
for(i = 0; i < arr.length; i++) {
this[i] = arr[i]
this.dim = 0
this.ite = 0
[Symbol.iterator] () {
return this.getNewIterator()
getNewIterator() {
return new ArrIterator(this)
class ArrIterator {
constructor(arr) {
this.arr = arr
this.pos = 0
next() {
return this.arr[this.pos++]

Array.prototype.constructor = function(...args) {
Array.prototype = Object.entries(Array.prototype, Arr)
let k = [7]

Args is an empty array, however it is initialized with 7 therefore it should be passed inside a constructor.

You can do Object.setPrototypeOf(arr, whatever), or you can subclass Array.

That was possible (to some extent) long ago, and posed a significant security issue.

Yes, I noticed people stopped using databases because of SQL injection. Or didn't I? Simply filter incoming JSON for prototype keyword and nothing gets on the server... In sane object there is no key either.

Simple recursive function or while loop can solve whole security issue, it's like removing windows from house because intruders can get in while they're open.

It was for sure mistake in implementation.

We should have two types of JSONs in-house and out-house.
Also API look more beautiful using YAML or similar, simpler formats.

Writing encoder that is suitable for most API's takes few days at most and you can have format that is readable far much more, and doesn't use object names more than twice.

You can use just space to separate data or binary unicode separator character, and safe many many bits, while still being compatible with browser, because encoder/decoder is javascript.

Literally creating format that separates headers from encoded text ( something like Apach Arrow approach to data, where names are just once ) can easily cure whole this issue.

I wrote file format like that somehow long time ago, but if you still have issues like dissease because you don't wash your hands... Maybe the problem is not ability to touch a pathogen.