[Webkit-unassigned] [Bug 53578] [V8] Incorrect handling of JavaScript properties in DOMStringMap

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 2 03:56:46 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=53578





--- Comment #2 from anton muhin <antonm at chromium.org>  2011-02-02 03:56:46 PST ---
(From update of attachment 80893)
View in context: https://bugs.webkit.org/attachment.cgi?id=80893&action=review

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:54
> +    if (map->contains(nameString))

I am a complete ignoramus of WebCore::DOMStringMap internals, but is there a contract for what DOMStringMap::item should return if there is no binding for the name?  If it returns an empty string (WebCore::String::isEmpty()), it might be more efficient to look the result up and check for string emptiness.  Feel free to ignore if you think it's premature optimization.

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:88
>      INC_STATS("DOM.DOMStringMap.NamedPropertySetter");

Shouldn't NamedPropertyDelete be updated as well?

> Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp:91
> +        return notHandledByInterceptor();

I suspect (but am not 100% sure) it doesn't do the right thing: I would expect that in your test case you would get a real JS property 'foobarbaz' on the JS wrapper itself, and this update won't be stored in the instance of WebCore::DOMStringMap.  Can we extend the layout test to check if it's indeed the case?

If I am right, I think you should use v8::Object::HasRealNamedProperty instead of both GetRealNamedPropertyInPrototypeChain and HasRealNamedCallback.
