[Webkit-unassigned] [Bug 77493] PopStateEvent.state should use the same object as history.state

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 8 17:37:55 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=77493


Adam Barth <abarth at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #126201|review?, commit-queue?      |review-
               Flag|                            |




--- Comment #2 from Adam Barth <abarth at webkit.org>  2012-02-08 17:37:55 PST ---
(From update of attachment 126201)
View in context: https://bugs.webkit.org/attachment.cgi?id=126201&action=review

> Source/WebCore/bindings/js/JSPopStateEventCustom.cpp:53
> +    return jsHistory->get(exec, Identifier(exec, "state"));

If the web page installs a getter on the history object, does this call that getter?  (Seems like something we should test.)

> Source/WebCore/bindings/v8/custom/V8PopStateEventCustom.cpp:55
> +    return toV8(history).As<v8::Object>()->Get(v8::String::NewSymbol("state"));

I would think you'd want to get the hidden property rather than the real property.  The hidden property can't be manipulated by the web page where as the real property can.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list