在JavaScript对象上分配哪些键是不安全的(例如'__proto__')?

I want to use a JavaScript object ({}) as a dictionary to store untrusted data. (I know there's Map, but let's say I don't want to use Map.)

如果我写

let obj = {};
obj[key] = value;

where key and value are supplied by an unstrusted source, what keys can cause surprising behavior?

I know that assigning obj.__proto__ can change the object's prototype and therefore change the behavior of the object. (This is sometimes called prototype poisoning.) So I should probably exclude '__proto__':

let obj = {};
if (key !== '__proto__') {
  obj[key] = value;
}

Are there other such unsafe keys that can change an object's behavior in some way, or is '__proto__' the only one?

如果您引用ECMAScript规范或参考文档,将获得加分。