[Webkit-unassigned] [Bug 33053] JSON.stringify and JSON.parse implementations needlessly process properties in the prototype chain
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 4 01:43:49 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33053
--- Comment #6 from Kent Hansen <kent.hansen at nokia.com> 2010-01-04 01:43:48 PST ---
(In reply to comment #5)
> (From update of attachment 45662 [details])
> Can you determine what correct spec behaviour is given:
> javascript:a={__proto__:{foo:"bar"}, get b() { this.foo="PASS"; }};
> alert(JSON.stringify(a))
Thanks, that's a good test case to include.
Fairly sure it should be "{}", as per 15.12.3.JO.6. The prototype should not be
consulted.
SpiderMonkey produces "{}" with both the built-in JSON.stringify and
http://www.json.org/json2.js.
JSC produces "{"foo":"PASS"}" without the patch, "{}" with the patch.
JSC produces "{"foo":"PASS"}" even with json2.js. That code uses for..in in
combination with hasOwnProperty() to only process "own" properties of the
object. This means it _will_ see the property name "b" before hasOwnProperty()
rejects it, but that shouldn't cause the _getter_ itself to be invoked. Uh-oh,
maybe it's because the JSObject::hasOwnProperty() implementation calls
getOwnPropertySlot()? It should probably be calling getOwnPropertyDescriptor().
I'll investigate and spin off a separate bug report.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list