Setters are no longer called when setting properties in object initializers: what does this mean?

心在旅途 2020-12-11 06:57

On this JS MDN page it says this:

JavaScript 1.8.1 note

Starting in JavaScript 1.8.1, setters are no longer called when setting p

2 Answers
  • 2020-12-11 07:25

    I think this refers to the issue of JSON hijacking. Have a look at

    • Is it possible to do 'JSON hijacking' on modern browser?
    • http://incompleteness.me/blog/2007/03/05/json-is-not-as-safe-as-people-think-it-is/
    • http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx, http://haacked.com/archive/2009/06/25/json-hijacking.aspx
    • http://hackademix.net/2009/01/13/you-dont-know-what-my-twitter-leaks/

    To repost my answer from this deleted question:

    According to the specification, neither Array (EcmaScript 5.1 §11.1.4) nor Object literals (EcmaScript 5.1 §11.1.5) should be hijackable:

    • They call "the standard built-in constructor with that name", not what you might have overwritten at window.Array or window.Object
    • They use [[DefineOwnProperty]], which absolutely does not take care of any setters on Object.prototype.

    Nowadays, this should not be an issue any more in ES 5.1-compliant browsers.

  • 2020-12-11 07:30

    This code-snippet:

    var o = {};
    o.seven = 7;
    

    and this code-snippet:

    var o = { seven: 7 };
    

    are normally equivalent; but if they're preceded by this code-snippet:

    Object.prototype.__defineSetter__('seven', function(x) { alert(x); });
    

    then only the former will alert 7 (because the setter is called by o.seven = 7, but not by o = { seven: 7 }), and only the latter will actually set o.seven to 7.

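Added example, not part of either answer: a self-check that installs a setter for `seven` on `Object.prototype` (as in the second answer) and records which ways of creating the property invoke it. It goes beyond the two cases in the answers by also probing `JSON.parse`, object spread and `Object.assign`; the function name `probeInheritedSetter` is hypothetical, and a current Node.js or browser engine is assumed.

```javascript
// Reports, per construction style, whether an inherited setter was invoked
// and whether the new object ended up with its own 'seven' property.
function probeInheritedSetter() {
  const calls = [];
  // Standard equivalent of Object.prototype.__defineSetter__('seven', ...)
  Object.defineProperty(Object.prototype, 'seven', {
    configurable: true, // so the finally block can remove it again
    set(value) { calls.push(value); },
  });
  const observe = (make) => {
    calls.length = 0;
    const obj = make();
    return {
      setterCalled: calls.length > 0,
      ownProperty: Object.prototype.hasOwnProperty.call(obj, 'seven'),
    };
  };
  try {
    return {
      // Plain assignment walks the prototype chain and finds the setter.
      assignment: observe(() => { const o = {}; o.seven = 7; return o; }),
      // Object initializers define an own property directly.
      literal: observe(() => ({ seven: 7 })),
      // JSON.parse builds objects the same way, which is why parsed
      // responses are not observable through prototype setters.
      jsonParse: observe(() => JSON.parse('{"seven": 7}')),
      // Spread copies with define semantics as well.
      spread: observe(() => ({ ...{ seven: 7 } })),
      // Object.assign performs assignments on the target, so it does
      // trigger the inherited setter.
      objectAssign: observe(() => Object.assign({}, { seven: 7 })),
    };
  } finally {
    delete Object.prototype.seven; // always restore the prototype
  }
}

console.log(probeInheritedSetter());
```

Code that must not be influenced by a modified prototype should therefore prefer literals, spread or `Object.defineProperty` over assignment and `Object.assign` when copying untrusted keys.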