Bug 120052

Summary:

Remove custom getOwnPropertyDescriptor for JSProxy

Product:

WebKit

Reporter:

Gavin Barraclough <barraclough>

Component:

JavaScriptCore

Assignee:

Gavin Barraclough <barraclough>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ggaren, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Fix	ggaren: review+

Gavin Barraclough

Reported 2013-08-19 23:46:36 PDT

GET_OWN_PROPERTY_DESCRIPTOR_IMPL runs afoul with JSProxy due to the workaround for JSDOMWindow's broken behavior. Because the window object incorrectly searches the prototype chain in getOwnPropertySlot we check that the base object matches, but in the case of JSProxy we can end up comparing the window object to the window shell & falsely assuming this is a prototype property. Add toThis conversion to correctly identify proxied own access. I've kept the original slotBase check as a fast case, and also so that direct access on JSDOMWindow still works.

Attachments
Fix (3.08 KB, patch) 2013-08-19 23:51 PDT, Gavin Barraclough	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Gavin Barraclough

Comment 1 2013-08-19 23:51:04 PDT

Created attachment 209162 [details] Fix

Geoffrey Garen

Comment 2 2013-08-20 09:37:53 PDT

Comment on attachment 209162 [details] Fix r=me

Gavin Barraclough

Comment 3 2013-08-20 10:05:59 PDT

Committed revision 154334.

Note You need to log in before you can comment on or make changes to this bug.