[webkit-dev] Question about Constructors in WebKit JS Bindings

Adam Barth abarth at webkit.org
Tue Jun 23 17:14:12 PDT 2009


[+sam]

On Tue, Jun 23, 2009 at 5:11 PM, Drew Wilson<atwilson at google.com> wrote:
> On Tue, Jun 23, 2009 at 4:53 PM, Maciej Stachowiak <mjs at apple.com> wrote:
>> Also, there might be a subtle bug in the above code: what if window.Worker
>> is first accessed from a different frame? Then the prototype of the Worker
>> constructor itself will use the other frame's Object prototype as its
>> prototype. I'm not sure if that is right. I think maybe JSWorkerConstructor
>> should be passed the global object from which it is retrieved as a property,
>> instead of using the lexical global object.
>
> Good catch. This bug seems to be in all our custom generated constructors.

Yes.  This has caused us headaches (e.g., security bugs) in the past.

Adam

