[Webkit-unassigned] [Bug 25079] New: iframe sandboxed native's methods return document natives.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 7 10:36:38 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=25079

           Summary: iframe sandboxed native's methods return document natives.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: http://dl.getdropbox.com/u/513327/JavaScript/bugs/sandboxed-natives.html
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: john.david.dalton at gmail.com


First create sandboxed natives by creating an iframe and referencing its Array,
String, Date or other natives. When calling a method on the sandboxed native it
returns a document native instead of a sandboxed one.

Example:

// window.Sandbox is the iframe's window object, whose natives (Array, String, ...)
// are separate from the document's.
window.Sandbox.Array.prototype.awesome = function() { };
var foo = new window.Sandbox.Array('a', 'b', 'c');
alert(typeof foo.awesome);              // -> function
alert(typeof Array.prototype.awesome);  // -> undefined (correctly reports undefined)
alert(typeof foo.slice(0).awesome);     // -> undefined (should be `function`)

Tested and fails on Safari 2.0 - 3.4 beta.
Chrome, IE, and Opera work correctly.

