`Object.assign` is not supported in IE 11 and is used here to perform
a shallow clone on objects. The `map` function from `utils/object.js`
can be used instead for this cloning.
Because on NodeJS <= v0.10 hasOwnProperty returns false for __proto__ on
Object.prototype. Function.prototype and Object.prototype are roots so
it should be safe to use 'in' instead.
To safely restore inherited properties and methods on plain objects e.g
with Object.create, some overly broad conditions need to be removed and
others added to more explicitly exclude unsafe properties.
isSafeMethod() has been modified as bellow, roughly the same conditions
are also now used in isSafeProperty() for get/setSafeProperty() which
previously restricted all inherited properties.
- Require __proto__ to have own-method
Intended to prevent ghosting of class methods, but also prevents
access to properties from further up the chain.
+ Require any own-method to not be in __proto__
Explicitly prevents ghosting but not inheritance. Possible to
defeat only if proto chaining through Object.create is allowed.
- Require object to not be function
Intended to prevent unsafe function methods like 'bind', but
also restricts function own-properties.
+ Require method not be in Function.prototype
Explicitly prevents unsafe function methods like 'bind',
without restricting function own properties.
Other conditions should be equivalent. The overall affect should be
that inherited properties and methods that are safe and not ghosted
should be allowed.
This spec tests `reshape()` with more cases than the one in
test/utils/array.test.js, including various types.
Also, in `_reshape()`, throw a brand new `DimensionError` instead of
modifying the caught one (the error message does not change when other
attributes are modified, as it is computed when the error is created).
