[Webkit-unassigned] [Bug 25079] New: iframe sandboxed native's methods return document natives.
bugzilla-daemon at webkit.org
Tue Apr 7 10:36:38 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=25079
Summary: iframe sandboxed native's methods return document natives.
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: http://dl.getdropbox.com/u/513327/JavaScript/bugs/sandboxed-natives.html
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: john.david.dalton at gmail.com
First create sandboxed natives by creating an iframe and referencing its Array,
String, Date or other natives. When calling a method on the sandboxed native it
returns a document native instead of a sandboxed one.
Example:
// window.Sandbox is assumed to hold the iframe's window, set up as described above.
window.Sandbox.Array.prototype.awesome = function() { };
var foo = new window.Sandbox.Array('a', 'b', 'c');
alert(typeof foo.awesome); // -> function
alert(typeof Array.prototype.awesome); // -> undefined (correctly reports undefined)
alert(typeof foo.slice(0).awesome); // -> undefined (should be `function`)
Tested and fails on Safari 2.0 - 3.4 beta.
Chrome, IE, and Opera work correctly.
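
The check the report performs by hand, extended to other array-returning methods, as an added example that is not part of the original report. Node's `vm` context stands in for the iframe (an assumption; in a browser, pass the iframe's `contentWindow.Array` instead), and `createSandboxArray`, `checkSandboxedArray` and the probe property name are hypothetical.

```javascript
const vm = require('vm');

// Stand-in for the iframe (assumption): a fresh vm context has its own
// natives, as iframe.contentWindow does in a browser.
function createSandboxArray() {
  return vm.runInNewContext('Array');
}

// Methods that allocate and return a new array.
const COPYING_METHODS = {
  slice: (a) => a.slice(0),
  concat: (a) => a.concat(['d']),
  splice: (a) => a.splice(0, 1),
  map: (a) => a.map((x) => x),
  filter: (a) => a.filter(() => true),
};

// Lists the methods whose result does not inherit from SandboxArray.prototype
// and reports whether the probe leaked onto the caller's own Array.prototype.
function checkSandboxedArray(SandboxArray) {
  const probe = '__realmProbe__'; // hypothetical marker name
  Object.defineProperty(SandboxArray.prototype, probe, {
    value: function () {},
    configurable: true,
  });
  try {
    const leaks = [];
    for (const [name, call] of Object.entries(COPYING_METHODS)) {
      const result = call(new SandboxArray('a', 'b', 'c'));
      const inSandbox =
        Object.getPrototypeOf(result) === SandboxArray.prototype &&
        typeof result[probe] === 'function';
      if (!inSandbox) leaks.push(name);
    }
    return { leaks, pollutesDocument: probe in Array.prototype };
  } finally {
    // Remove the probe so the sandbox is left as it was found.
    delete SandboxArray.prototype[probe];
  }
}

const report = checkSandboxedArray(createSandboxArray());
console.log(report); // leaks names the methods that returned document natives
```

A non-empty `leaks` list corresponds to the behaviour reported here for `slice`.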