7751 2006-03-13 05:10:01 -0800 Scope is broken with nested evals inside of functions. 2007-07-14 12:42:47 -0700 1 1 1 Unclassified WebKit JavaScriptCore 420+ Mac OS X 10.4 RESOLVED INVALID P2 Normal --- 1 tolmasky webkit-unassigned gavin.sharp ian zwarich oldest_to_newest 36097 0 tolmasky 2006-03-13 05:10:01 -0800 When I nest evals, even though I do eval.apply(window, ...) the this object is kind of window and kind of not. Doing alert(this==window) alerts true, however doing function a() { } will not put a into this, or window for that matter. Check the attachment for a clearer example. Note, this works fine in Firefox. 36098 1 7046 tolmasky 2006-03-13 05:13:48 -0800 Created attachment 7046 Breaks scope. We should be seeing this alerted: yup! [Object Window] function a() ... function a() ... function a() ... true Bluebird of happiness (run it through firefox, it will gives this result). However, we instead get this: yup! [Obejct Window] undefined function a()... undefined true Bluebird of happiness The strange thing is that "this" really thinks its window, but it doesn't behave like it since a() doesnt get registered into window. If you comment out the r function, so that everything that happens is global, like this: <script> alert("yup!"); //function r() //{ var predefined_js= "alert(this);function a(){alert('bluebird of happiness');}alert(this.a);alert(a);alert(window.a);alert(this===window);"; var main_js= "eval.apply(window, [predefined_js]); main= function() { a(); return 0; }"; eval.apply(window, [main_js]); //} //r(); main(); </script> Now it works as it should. 36762 2 7136 tolmasky 2006-03-17 11:06:52 -0800 Created attachment 7136 Reduced Test Case The function internals should be outputted. I believe what's happening is that if the scope is not 100% "shallow" it refuses to allow declarations of type function [name] { } to be added to the global object. 36892 3 7168 tolmasky 2006-03-18 20:58:24 -0800 Created attachment 7168 Fixed Reduced Test Case 5026 4 15472 zwarich 2007-07-11 03:03:30 -0700 Created attachment 15472 Further reduced test case (In reply to comment #2) > I believe what's happening is that if the scope is not 100% "shallow" it > refuses to allow declarations of type function [name] { } to be added to the > global object. It also happens for other declarations, and for single evals, not just nested evals. I simplified your original example a bit to get the attached test case. In Firefox and Opera it outputs "bluebird of happiness" three times, but in WebKit it outputs "undefined" instead of the first. However, I don't think this is actually a bug. I think Safari has the correct behaviour here, judging by the ECMA spec. I will explain my argument. In the spec (chapter 10, although most of what I am saying comes from section 10.2), there are a few important pieces of context-sensitive information. The two that affect the situation in this bug report are the variable instantiation context and the value of "this". According to 10.2.3, when you call a function without specifying the "this" value, it is inherited from the caller. Thus, in my example, the value of "this" in the function body of f() the only time it is called is the global object. The variable instantiation context is, of course, local to the function and is not the same as the global variable instantiation context. According to 10.2.2, for code run by using eval, the variable instantiation context and the "this" value are inherited from the caller. If you take my attached example and change "eval.call(this, " to simply "eval(", all three major Mac browsers agree (I couldn't test IE) that it should output "undefined" and then "bluebird of happiness" two times. So, what is different when you use eval.call (or eval.apply) that causes the other browsers to behave differently? First, note that 10.2.2 seems to imply that evaluated code always has a "this" object of its calling context, although that isn't the issue here, as all of the browsers agree on what the "this" object should be. However, they disagree on what the variable instantiation context should be. Firefox and Opera think that by passing "this" as the first argument of call, the variable instantiation context of the evaluated code changes to the top level. But 10.2.2 says that the variable instantiation context is always that of the caller and is not dependent on the value of "this". And according to 15.3.4.4, passing something as the first argument of call could only possibly change the value of "this". Therefore, WebKit's behaviour seems to be correct. 4983 5 ddkilzer 2007-07-11 21:33:57 -0700 See also: http://bugs.webkit.org/show_bug.cgi?id=12912#c6 4973 6 zwarich 2007-07-12 00:17:18 -0700 I went to file this as a bug in the Mozilla Core Bugzilla. But first I figured I'd have the etiquette to test it on a newer build, so I downloaded Firefox 3.0a7pre. Surprisingly, it now has the same behaviour as Webkit. I searched the Bugzilla for a bug report and I couldn't find one. If I am really bored, I will hunt down the change in Firefox, but I am not that familiar with their codebase. The Firefox 3.0 alpha also affects the behaviour mentioned in bug 11399, making it the same as Webkit. I will make a separate comment there. Perhaps someone should review this bug and mark it INVALID? 4777 7 ddkilzer 2007-07-14 12:42:47 -0700 Marking as RESOLVED/INVALID per Comment #4 and Comment #6. 7046 2006-03-13 05:13:48 -0800 2007-07-10 22:25:03 -0700 Breaks scope. scopetest.html text/html 341 tolmasky PHNjcmlwdD4KCmFsZXJ0KCJ5dXAhIik7CgpmdW5jdGlvbiByKCkKewogICAgdmFyIHByZWRlZmlu ZWRfanM9ICJhbGVydCh0aGlzKTtmdW5jdGlvbiBhKCl7YWxlcnQoJ2JsdWViaXJkIG9mIGhhcHBp bmVzcycpO31hbGVydCh0aGlzLmEpO2FsZXJ0KGEpO2FsZXJ0KHdpbmRvdy5hKTthbGVydCh0aGlz PT09d2luZG93KTsiOwogICAgdmFyIG1haW5fanM9ICJldmFsLmFwcGx5KHdpbmRvdywgW3ByZWRl ZmluZWRfanNdKTsgbWFpbj0gZnVuY3Rpb24oKSB7IGEoKTsgcmV0dXJuIDA7IH0iOwoKICAgIGV2 YWwuYXBwbHkod2luZG93LCBbbWFpbl9qc10pOwp9CgpyKCk7CgptYWluKCk7Cgo8L3NjcmlwdD4= 7136 2006-03-17 11:06:52 -0800 2007-07-10 22:25:20 -0700 Reduced Test Case tester.html text/html 117 tolmasky PHNjcmlwdD4KYT0ge307CgpmdW5jdGlvbiByKCkKewogICAgZXZhbC5hcHBseSh3aW5kb3csIFsi ZnVuY3Rpb24geCgpIHsgYWxlcnQoXCJ5dXBcIik7IH0iXSk7Cn0KCmFsZXJ0KHgpOwoKPC9zY3Jp cHQ+ 7168 2006-03-18 20:58:24 -0800 2006-03-18 20:58:24 -0800 Fixed Reduced Test Case tester.html text/html 115 tolmasky PHNjcmlwdD4KZnVuY3Rpb24gcigpCnsKICAgIGV2YWwuYXBwbHkod2luZG93LCBbImZ1bmN0aW9u IHgoKSB7IGFsZXJ0KFwieXVwXCIpOyB9Il0pOwp9CgpyKCk7CgphbGVydCh4KTsKCjwvc2NyaXB0 Pg== 15472 2007-07-11 03:03:30 -0700 2007-07-11 03:03:30 -0700 Further reduced test case scopetest3.html text/html 138 zwarich PHNjcmlwdD4KZnVuY3Rpb24gZigpCnsKICAgIGV2YWwuY2FsbCh0aGlzLCAidmFyIGEgPSAnYmx1 ZWJpcmQgb2YgaGFwcGluZXNzJzsgYWxlcnQodGhpcy5hKTsgYWxlcnQoYSk7Iik7CgogICAgYWxl cnQoYSk7Cn0KCmYoKTsKPC9zY3JpcHQ+