[Webkit-unassigned] [Bug 154826] New: [JSC] Properties with private symbols (internal slots) should be accessed with @getByValDirect

Mon Feb 29 10:48:17 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=154826

            Bug ID: 154826
           Summary: [JSC] Properties with private symbols (internal slots)
                    should be accessed with @getByValDirect
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

The private symbols are used to implement internal slots[1].
But the internal slots should not be properties. That means,
"Internal slots are not object properties and they are not inherited."

Since the current internal slots are implemented as properties and accessed through normal [[Get]], the access searches through prototype chains.
So, for example,

var crafted = { __proto__: promise }

works with the Promise methods.

And when fixing this issue, we should change the current Proxy's semantics for the private symbols.
Currently, the Proxy redirects the access with the private symbols to the target.
But this should not be done. Instead, the Proxy should work as if it does not have any properties named "the given private name".

[1]: http://ecma-international.org/ecma-262/6.0/#sec-object-internal-methods-and-internal-slots

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160229/771f69e1/attachment-0001.html>