[webkit-dev] ExecState::thisObject()
Adam Barth
abarth at webkit.org
Mon Jul 13 16:11:04 PDT 2009
On Mon, Jul 13, 2009 at 4:01 PM, Geoffrey Garen<ggaren at apple.com> wrote:
>> That's correct. Other browser's get this case right. Here are a
>> couple test cases you might find interesting:
>>
>> http://webblaze.org/abarth/tests/protoconfused/test1.html
>> http://webblaze.org/abarth/tests/protoconfused/test2.html
>
> I tried these tests, with mixed results:
>
> IE8: Exception thrown during load.
> Firefox 3.0: mixture of passes and fails on test1.html. Exception thrown
> during load of test2.html.
> Chrome 2.0: Mixture of passes and fails.
Yes. All the browsers suck on these tests. :)
Would you like me to go look for more exploitable cases? It seems
like the only reason not to fix this issue is because we're afraid of
code churn.
Adam
More information about the webkit-dev
mailing list