[Webkit-unassigned] [Bug 115087] New: Web Inspector: WebCore::reportException should not evaluate JavaScript handling exceptions
bugzilla-daemon at webkit.org
Tue Apr 23 22:17:43 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=115087
Summary: Web Inspector: WebCore::reportException should not
evaluate JavaScript handling exceptions
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: joepeck at webkit.org
CC: timothy at apple.com, joepeck at webkit.org,
graouts at apple.com
Currently WebCore::reportException can evaluate JavaScript when handling exceptions. The JS evaluation can itself throw an exception if running code in the page.
For example:
    function MyError() {
        this.name = "MyErrorName";
        this.message = "MyErrorMessage";
    }
    MyError.prototype.toString = function() {
        throw "oops";
    }
    function produceError() {
        throw new MyError();
    }
    produceError();
WebCore::reportException calls this toString, and can potentially get values with hooks in valueOf as well. We should avoid running JS that can trigger its own exceptions if possible.
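The following is an added example, not part of the original bug report and not WebCore's code: a script-level sketch of describing a thrown value without calling its toString, valueOf or getters, next to a naive reporter that fails the way the report describes. The names naiveDescribe, readDataString and describeException are hypothetical; a Proxy trap is still page code, so the property reads are guarded.

```javascript
// Added example; naiveDescribe, readDataString and describeException are
// hypothetical names. MyError is the error type from the report above.
function MyError() {
  this.name = "MyErrorName";
  this.message = "MyErrorMessage";
}
MyError.prototype.toString = function () { throw "oops"; };

// Naive reporter: String() on an object runs its page-defined toString/valueOf.
function naiveDescribe(value) {
  return "Uncaught " + String(value);
}

// Walk the prototype chain and accept only string-valued data properties.
// Reading the descriptor never invokes a getter or a toString hook.
function readDataString(obj, key) {
  let o = obj;
  for (let depth = 0; o !== null && depth < 32; depth++) {
    const desc = Object.getOwnPropertyDescriptor(o, key);
    if (desc) return typeof desc.value === "string" ? desc.value : undefined;
    o = Object.getPrototypeOf(o);
  }
  return undefined;
}

function describeException(value) {
  // String() on a primitive performs no call into page-defined methods.
  if (value === null || (typeof value !== "object" && typeof value !== "function")) {
    return "Uncaught " + String(value);
  }
  try {
    const name = readDataString(value, "name");
    const message = readDataString(value, "message");
    if (name !== undefined && message !== undefined) return `Uncaught ${name}: ${message}`;
    if (name !== undefined || message !== undefined) return "Uncaught " + (name ?? message);
  } catch (_) {
    // A Proxy trap is still page code and may throw; use the fixed text below.
  }
  return "Uncaught exception (object)";
}
```

With the MyError object from the report, naiveDescribe throws "oops" while reporting, whereas describeException returns a message built from the object's own data properties.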