15029 – Wrong ExecState when creating a binding object.

NEW 15029

Wrong ExecState when creating a binding object.

https://bugs.webkit.org/show_bug.cgi?id=15029

Summary Wrong ExecState when creating a binding object.

Feng Qian

Reported 2007-08-20 16:35:06 PDT

toJS(ExecState*, ...) uses the current execution state to create binding JS object. The created object has prototype chain pointing to the Object.prototype object in the execution state. If the JS code is executed in frame A, and node is from frame B, the node would have prototype chain pointing to A's Object.prototype. I think the JS wrapper of a node should be created in the node's belonging Window context.

Attachments
test case (204 bytes, text/html) 2007-08-20 16:38 PDT, Feng Qian	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Feng Qian

Comment 1 2007-08-20 16:38:22 PDT

Created attachment 16043 [details] test case You need to create an empty file called tojs_bug_child.html in the same directory The alert window should display 'undefined' instead of 'bar'

Sam Weinig

Comment 2 2007-08-20 17:02:50 PDT

<rdar://problem/5424223>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 523.x (Safari 3)

Hardware Mac

OS OS X 10.4

Product WebKit

Component WebCore JavaScript

Assignee

Nobody

Reported

2007-08-20 16:35 PDT

Modified

2007-12-10 06:34 PST History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks