[Webkit-unassigned] [Bug 15003] New: The "constructor" property on Function.prototype should not be DontDelete/ReadOnly

bugzilla-daemon at webkit.org
Sun Aug 19 02:14:42 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15003

           Summary: The "constructor" property on Function.prototype should
                    not be DontDelete/ReadOnly
           Product: WebKit
           Version: 522+ (nightly)
          Platform: All
               URL: javascript:function yn(v) { return v ? "yes" : "no"; };
                    function c() { }; delete c.prototype.constructor; var i
                    = new c(); var res = (i.constructor !==
                    Object.prototype.constructor); var allres = !res; var
                    msg = "DontDelete: " + yn(res) + "\n"; function g() { };
                    g.prototype.constructor = 17; var i2 = new g(); res =
                    (i2.constructor !== 17); allres = allres && !res; msg +=
                    "ReadOnly: " + yn(res) + "\n";  function h() { }; res =
                    true; for (var prop in new h()) { if (prop ==
                    "constructor") res = false; }; msg += "DontEnum: " +
                    yn(res); allres = allres && res;
                    alert("Function.prototype.constructor attribute checks "
                    + (allres ? "PASS" : "FAIL") + "\n" + msg);
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jwalden+bwo at mit.edu


13.2 Creating Function Objects

10. Set the "constructor" property of Result(9) [the newly-created prototype
object for the Function object being created] to F [the Function object being
created].  This property is given attributes { DontEnum }.


This breaks hiding the constructor of an object from any code which sees that
object, as an internals-hiding mechanism for constructor privateness.


The relevant place to fix, at a glance, is:

http://trac.webkit.org/projects/webkit/browser/trunk/JavaScriptCore/kjs/function_object.cpp#L248

It should be trivial to convert the URL test into a JavaScriptCore test and to
remove the extra attributes from that line -- for someone who has the time to
do that, that is.
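
The attribute check and the constructor-hiding pattern described in the report, as an added example that is not part of the original report or of WebKit's test suite. It assumes an ES2015+ engine (Reflect, class) and goes slightly beyond the URL test by also covering function expressions and classes; every function name in it is hypothetical.

```javascript
// Added example; all function names here are hypothetical, not WebKit code.
// ES3 attribute names map onto ES5+ descriptors as:
//   ReadOnly = !writable, DontDelete = !configurable, DontEnum = !enumerable

// Attributes of F.prototype.constructor, or null if the property is gone.
function constructorAttributes(F) {
  const d = Object.getOwnPropertyDescriptor(F.prototype, "constructor");
  if (!d) return null;
  return { readOnly: !d.writable, dontDelete: !d.configurable, dontEnum: !d.enumerable };
}

// Check every way of creating a function that gets a prototype object.
function survey() {
  function decl() {}
  const expr = function () {};
  class Cls {}
  return [decl, expr, Cls].map(constructorAttributes);
}

// Remove the back-reference; true only if an object inheriting from
// F.prototype can no longer reach F through .constructor.
function hideConstructor(F) {
  // Reflect.deleteProperty returns false instead of throwing in strict mode.
  if (!Reflect.deleteProperty(F.prototype, "constructor")) return false;
  return Object.create(F.prototype).constructor !== F;
}

// Constructed scenario: a module issues instances but keeps Token private.
function makeIssuer() {
  function Token(id) { this.id = id; }
  const hidden = hideConstructor(Token);
  return { hidden, issue: (id) => new Token(id) };
}

// Emulates the behaviour the report describes (DontDelete set): hiding fails
// and a holder of any instance can still construct more of them.
function hideWithDontDelete() {
  function Token(id) { this.id = id; }
  Object.defineProperty(Token.prototype, "constructor", { configurable: false });
  const hidden = hideConstructor(Token);
  const minted = new (new Token(1).constructor)(2);
  return { hidden, mintedId: minted.id };
}
```

On a conforming engine survey() reports only dontEnum set for all three kinds of function, and an instance from makeIssuer() resolves .constructor to Object rather than to the private Token.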

