From 2dbb470ea10697f7514094934dfbf635969b8566 Mon Sep 17 00:00:00 2001
From: Nathan Rajlich <nathan@tootallnate.net>
Date: Tue, 25 Oct 2011 21:42:23 -0700
Subject: [PATCH] Don't use `instanceof` in lib/util.js "is" checks.

While using `instanceof`, these functions could easily be faked with something
like:  Object.create(Date.prototype)

So let's just not use it at all. A little slower, but these functions are only
used in the REPL / for debugging so it's OK.

Fixes #1941.
Fixes #1942.
---
 lib/util.js | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/lib/util.js b/lib/util.js
index 098aab2..07e2e3b 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -378,31 +378,29 @@ function reduceToSingleString(output, base, braces) {
 }
 
 
+// NOTE: These type checking functions intentionally don't use `instanceof`
+// because it is fragile and can be easily faked with `Object.create()`.
 function isArray(ar) {
-  return ar instanceof Array ||
-         Array.isArray(ar) ||
-         (ar && ar !== Object.prototype && isArray(ar.__proto__));
+  return Array.isArray(ar) ||
+         (typeof ar === 'object' && objectToString(ar) === '[object Array]');
 }
 exports.isArray = isArray;
 
 
 function isRegExp(re) {
-  return re instanceof RegExp ||
-      (typeof re === 'object' && objectToString(re) === '[object RegExp]');
+  return typeof re === 'object' && objectToString(re) === '[object RegExp]';
 }
 exports.isRegExp = isRegExp;
 
 
 function isDate(d) {
-  return d instanceof Date ||
-      (typeof d === 'object' && objectToString(d) === '[object Date]');
+  return typeof d === 'object' && objectToString(d) === '[object Date]';
 }
 exports.isDate = isDate;
 
 
 function isError(e) {
-  return e instanceof Error ||
-      (typeof e === 'object' && objectToString(e) === '[object Error]');
+  return typeof e === 'object' && objectToString(e) === '[object Error]';
 }
 exports.isError = isError;
 
-- 
2.7.4