[webkit-dev] ExecState::thisObject()

Maciej Stachowiak mjs at apple.com
Mon Jul 13 16:11:29 PDT 2009


On Jul 13, 2009, at 3:40 PM, Adam Barth wrote:

> On Mon, Jul 13, 2009 at 3:29 PM, Geoffrey Garen<ggaren at apple.com>  
> wrote:
>>> Our current behavior is buggy, unpredictable, and out of spec.  This
>>> has led to security bugs in the past and will lead to security  
>>> bugs in
>>> the future.
>>
>> I don't disagree with you, but I'm not immediately convinced that a  
>> large
>> design change will automatically reduce the bug count, either.
>>
>> Which spec did you have in mind? I'd like to read it.
>
> Essentially, the ECMAScript spec requires this.  In spec-land, these
> objects are all created at the beginning of time.  The fact that we
> create them lazily is what leads to this bug.  Depending on who
> touches them first, they end up with different prototype chains, which
> doesn't make sense to ECMAScript.

While the behavior you describe seems problematic, I don't think it is  
an ECMAScript violation, since ECMAScript essentially allows host  
objects to do anything. If this is defined by spec, the specs that are  
relevant would be HTML5 and Web IDL. I'm not sure if those clearly  
define the behavior.

  - Maciej



More information about the webkit-dev mailing list