[Webkit-unassigned] [Bug 203818] Proxy's [[OwnPropertyKeys]] is incorrect in DontEnumPropertiesMode::Exclude
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 5 15:26:13 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=203818
--- Comment #4 from Alexey Shvayka <shvaikalesh at gmail.com> ---
(In reply to Yusuke Suzuki from comment #3)
> Comment on attachment 382773 [details]
> Patch
>
> So, this ASSERT is not correct. Can you fix it?
Thank you for review! Allow me to expand on this ASSERT:
An object getOwnPropertyNames() is called on with JSObjectPropertiesMode::Exclude should be
checked beforehand as this mode is special. The only usage of JSObjectPropertiesMode::Exclude
in JSC codebase is in JSObject::getGenericPropertyNames, which is used only in JSPropertyNameEnumerator
on objects passing Structure::canAccessPropertiesQuicklyForEnumeration check (ProxyObjects don't).
I've added this ASSERT because it doesn't quite make sense to call ProxyObject::getOwnPropertyNames with
JSObjectPropertiesMode::Exclude and it is hard to do so by accident. ProxyObject::getGenericPropertyNames
and friends are also public API, yet they have RELEASE_ASSERT_NOT_REACHED.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191105/a4979c39/attachment.htm>
More information about the webkit-unassigned
mailing list