[Webkit-unassigned] [Bug 15029] New: Wrong ExecState when creating a binding object.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 20 16:35:06 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15029
Summary: Wrong ExecState when creating a binding object.
Product: WebKit
Version: 522+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ian.eng.webkit at gmail.com
CC: sam at webkit.org
toJS(ExecState*, ...) uses the current execution state to create binding JS
object. The created object has prototype chain pointing to the Object.prototype
object in the execution state. If the JS code is executed in frame A, and node
is from frame B, the node would have prototype chain pointing to A's
Object.prototype.
I think the JS wrapper of a node should be created in the node's belonging
Window context.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list