<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Add InternalPromise to use Promises safely in the internals"
href="https://bugs.webkit.org/show_bug.cgi?id=148136">148136</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Add InternalPromise to use Promises safely in the internals
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>JavaScriptCore
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>utatane.tea@gmail.com
</td>
</tr></table>
<p>
<div>
<pre><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises"
href="show_bug.cgi?id=147942">https://bugs.webkit.org/show_bug.cgi?id=147942</a> solve the part of the problem.
But, since resolving function always looks up "then" function, by setting malicious "then" function, we can still trap it...
To make Promises safe, we'll introduce new constructor/prototype set for InternalPromise. That is the separated instance from the usual Promise.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>