[Webkit-unassigned] [Bug 112191] [v8] [meta] Binding Integrity should move off of vtable checks.
bugzilla-daemon at webkit.org
Mon Mar 25 09:30:55 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=112191
--- Comment #24 from Thomas Sepez <tsepez at chromium.org> 2013-03-25 09:33:22 PST ---
> I'm sorry but I don't quite understand.
> Currently we don't use WrapperTypeInfo to determine whether the element is a custom element or not.
> Why does this change make it required?
>
Ah. We want to harden the binding system against certain types of deliberate tampering, with the result that the wrapper factories, with their introspection, need to go away. As such, a scriptwrappable will always get wrapped in the new world via indirection off of its pointer to a WrapperTypeInfo as set at object creation time (the wrapper type info is then amended to include the wrapper creation function pointer).
So, we need to have a stub WrapperTypeInfo just to allow us to transfer control to the wrapper function in the exact same manner as any other scriptwrappable without invoking additional logic.
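The dispatch scheme described in the comment above, as an added miniature example that is not WebKit or Chromium code and not part of the original message. The struct layouts, field names, `wrap()`, and the `DivElement`/`CustomElement` types are hypothetical; only the names `ScriptWrappable` and `WrapperTypeInfo` come from the thread.

```cpp
#include <string>

struct ScriptWrappable;

// Stand-in for a JS wrapper object (hypothetical).
struct Wrapper {
    std::string interfaceName;
    const ScriptWrappable* impl;
};

// Hypothetical miniature of a WrapperTypeInfo: one static, const record per
// wrapped type, amended with the wrapper creation function pointer.
struct WrapperTypeInfo {
    const char* interfaceName;
    Wrapper (*createWrapper)(const ScriptWrappable&);
};

struct ScriptWrappable {
    explicit ScriptWrappable(const WrapperTypeInfo* info) : m_typeInfo(info) {}
    const WrapperTypeInfo* typeInfo() const { return m_typeInfo; }
private:
    const WrapperTypeInfo* const m_typeInfo;  // fixed at object creation time
};

static Wrapper wrapDiv(const ScriptWrappable& o) { return Wrapper{"HTMLDivElement", &o}; }
static Wrapper wrapCustom(const ScriptWrappable& o) { return Wrapper{"CustomElement", &o}; }

static const WrapperTypeInfo divTypeInfo = {"HTMLDivElement", wrapDiv};
// Stub record: exists only so a custom element reaches its wrapper function
// through the same indirection as every other type.
static const WrapperTypeInfo customElementStubInfo = {"CustomElement", wrapCustom};

struct DivElement : ScriptWrappable {
    DivElement() : ScriptWrappable(&divTypeInfo) {}
};
struct CustomElement : ScriptWrappable {
    CustomElement() : ScriptWrappable(&customElementStubInfo) {}
};

// The single wrapping path: no factory, no vtable read, no introspection of
// the object; control transfers via the type info pointer set at creation.
Wrapper wrap(const ScriptWrappable& o) { return o.typeInfo()->createWrapper(o); }

int main() {
    DivElement div;
    CustomElement custom;
    bool ok = wrap(div).interfaceName == "HTMLDivElement" &&
              wrap(custom).interfaceName == "CustomElement";
    return ok ? 0 : 1;
}
```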