[Webkit-unassigned] [Bug 154817] New: [JSC] Private symbols should not be trapped by proxy handler
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 29 08:43:02 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=154817
Bug ID: 154817
Summary: [JSC] Private symbols should not be trapped by proxy
handler
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: utatane.tea at gmail.com
Since the runtime has some assumptions on the properties bound with private symbols, ES6 Proxy should not trap these property operations.
For example, in ArrayIteratorPrototype.js
var itemKind = this. at arrayIterationKind;
if (itemKind === @undefined)
throw new @TypeError("%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");
Here, we assume that only the array iterator has @arrayIterationKind property that value is non-undefined.
But If we implement Proxy with the get handler, that returns non-undefined value for every operations, we accidentally assumes that the given value is an array iterator.
To avoid these situation, we perform the default operations onto property ops with private symbols.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160229/94f959ba/attachment.html>
More information about the webkit-unassigned
mailing list