[Webkit-unassigned] [Bug 216816] New: An issue about evaluating instanceof
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 22 01:28:19 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=216816
Bug ID: 216816
Summary: An issue about evaluating instanceof
Product: WebKit
Version: WebKit Local Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: nisl_grammarly1 at 163.com
According to ES10.0, If an object does not define or inherit "@@hasInstance" it uses the default "instanceof" semantics. When changing the value of "__proto__" of an object into "String", the algorithm to be used will be "Function.prototype[@@hasInstance]" instead of the default semantics. So the output of the testcase below is "false" as other engines do. This may be an issue of javascriptCore.
#### version
dbae081
#### command
webkit/WebKitBuild/Debug/bin/jsc testcase.js testcase.js
#### testcase
var obj = {__proto__:String};
var result = "hello" instanceof obj;
print(result);
#### output
TypeError: obj is not a function. (evaluating '"hello" instanceof obj')
#### expected output
false
contributor:Yuan Wang
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200922/143ccd79/attachment.htm>
More information about the webkit-unassigned
mailing list