<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API"
   href="https://bugs.webkit.org/show_bug.cgi?id=158940#c3">Comment # 3</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API"
   href="https://bugs.webkit.org/show_bug.cgi?id=158940">bug 158940</a>
              from <span class="vcard"><a class="email" href="mailto:youennf&#64;gmail.com" title="youenn fablet &lt;youennf&#64;gmail.com&gt;"> <span class="fn">youenn fablet</span></a>
</span></b>
        <pre>Comment on <span class=""><a href="attachment.cgi?id=281658&amp;action=diff" name="attach_281658" title="Proposed patch">attachment 281658</a> <a href="attachment.cgi?id=281658&amp;action=edit" title="Proposed patch">[details]</a></span>
Proposed patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=281658&amp;action=review">https://bugs.webkit.org/attachment.cgi?id=281658&amp;action=review</a>

<span class="quote">&gt; Source/WebCore/Modules/mediastream/RTCPeerConnection.js:57
&gt; +    return <a href="mailto:this.&#64;localStreams.slice">this.&#64;localStreams.slice</a>();</span >

Array.slice may be corrupted by user scripts.
The same applies to find findIndex, push, forEach, splice methods.
This should be robustified.

<span class="quote">&gt; Source/WebCore/Modules/mediastream/RTCPeerConnection.js:94
&gt; +    stream.getTracks().forEach(track =&gt; this.&#64;addTrack(track, stream));</span >

Potentially, we know that this, track and stream are of the right type.
So we could replace if statements by assert statements in the binding generated code.
That said, this might be too early to do so.

<span class="quote">&gt; Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:87
&gt; +        JSDOMGlobalObject::GlobalPropertyInfo(clientData.builtinNames().MediaStreamPrivateName(), JSMediaStream::getConstructor(vm, this), DontDelete | ReadOnly),</span >

It might be good to add a keyword similar to PrivateAlso for exposing DOM constructors safely to JS builtins.
Ideally, we should not need to create the constructor but just pass a getter function that would create it if needed</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>