Bug 148681
| Summary: | Functions with non-simple parameter list should have poisoned arguments.callee and arguments.caller (even outside strict mode) | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Claude Pache <claude.pache> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ashvayka |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Claude Pache
For example:
(function (x = 1) { return arguments.callee })() // should throw, even in sloppy mode
For reference, see step 22 of: http://www.ecma-international.org/ecma-262/6.0/#sec-functiondeclarationinstantiation
In short, the spec recognizes two types of Arguments objects:
* mapped Arguments object, used for sloppy-mode simple-parameter-list functions;
* unmapped Arguments object with poisoned `callee`/`caller`, used for anything else.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Shvayka
`arguments.caller` poisoned getter was removed from the spec: please see note 5 of https://tc39.es/ecma262/#sec-arguments-exotic-objects.
`arguments.callee` poisoned getter for sloppy functions with non-simple parameter list was implemented in r268323.
^ test262 case: https://test262.report/browse/built-ins/ThrowTypeError/unique-per-realm-non-simple.js.
*** This bug has been marked as a duplicate of bug 217574 ***