Bug 27566

Summary: x-frame constructor calls are instantiated with the wrong prototype chain
Product: WebKit
Reporter: Eric Seidel (no email) <eric>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, arv, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Bug Depends on:
Bug Blocks: 27634
Attachments:
  test case (needs HTML wrapper to run) (flags: none)
  patch (flags: abarth: review+)

Description Eric Seidel (no email) 2009-07-22 14:55:48 PDT
x-frame constructor calls are instantiated with the wrong prototype chain

This is kinda far out there, but I was in this area of code, so I wrote a test which shows we're wrong:

Make sure prototypes are set up using the window a property came from, instead of the lexical global object.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".


FAIL (new inner.WebKitCSSMatrix).isInner should be true. Was false.
FAIL (new inner.WebKitCSSMatrix).constructor.isInner should be true. Was false.
FAIL (new inner.WebKitPoint).isInner should be true. Was false.
FAIL (new inner.WebKitPoint).constructor.isInner should be true. Was false.
FAIL (new inner.DOMParser).isInner should be true. Was false.
FAIL (new inner.DOMParser).constructor.isInner should be true. Was false.
FAIL (new inner.Option).isInner should be true. Was false.
FAIL (new inner.Option).constructor.isInner should be true. Was false.
FAIL (new inner.Audio).isInner should be true. Was false.
FAIL (new inner.Audio).constructor.isInner should be true. Was false.
FAIL (new inner.XPathEvaluator).isInner should be true. Was false.
FAIL (new inner.XPathEvaluator).constructor.isInner should be true. Was false.
FAIL (new inner.Image).isInner should be true. Was false.
FAIL (new inner.Image).constructor.isInner should be true. Was false.
FAIL (new inner.XMLSerializer).isInner should be true. Was false.
FAIL (new inner.XMLSerializer).constructor.isInner should be true. Was false.
FAIL (new inner.XMLHttpRequest).isInner should be true. Was false.
FAIL (new inner.XMLHttpRequest).constructor.isInner should be true. Was false.
PASS successfullyParsed is true

TEST COMPLETE
Comment 1 Eric Seidel (no email) 2009-07-22 14:58:49 PDT
Created attachment 33295 [details]
test case (needs HTML wrapper to run)
Comment 2 Eric Seidel (no email) 2009-07-22 16:30:00 PDT
Btw, this test doesn't work in other browsers, because other browsers do not expose Constructor objects on the window as enumerable.
Comment 3 Eric Seidel (no email) 2009-07-24 00:27:15 PDT
I'm about to fix this with the patch on bug 27634!  I'm going to use this patch for landing the FAILing test and I'll use bug 27634 to track landing the actual fixes.
Comment 4 Eric Seidel (no email) 2009-07-24 00:33:12 PDT
Created attachment 33411 [details]
patch
Comment 5 Adam Barth 2009-07-24 00:38:26 PDT
Comment on attachment 33411 [details]
patch

Yay for more failing tests.
Comment 6 Eric Seidel (no email) 2009-07-24 00:42:17 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt
	A	LayoutTests/fast/dom/constructed-objects-prototypes.html
	A	LayoutTests/fast/dom/resources/constructed-objects-prototypes.js
Committed r46326
	M	WebCore/ChangeLog
	M	WebCore/page/DOMTimer.h
	M	WebCore/page/DOMTimer.cpp
r46324 = 9cec98c311e2b51ec3728e982846911095605505 (trunk)
	M	WebKit/win/WebDownload.h
	M	WebKit/win/ChangeLog
	M	WebKit/win/DefaultDownloadDelegate.h
	M	WebKit/win/WebMutableURLRequest.cpp
	M	WebCore/ChangeLog
	M	WebCore/platform/graphics/win/SimpleFontDataWin.cpp
r46325 = eb9e6956d58e229a058170dcf18af388dbc0843c (trunk)
	M	LayoutTests/ChangeLog
	A	LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt
	A	LayoutTests/fast/dom/resources/constructed-objects-prototypes.js
	A	LayoutTests/fast/dom/constructed-objects-prototypes.html
r46326 = 87f7406b26147c714b00dca7949667aa653501a6 (trunk)
First, rewinding head to replay your work on top of it...
Nothing to do.
http://trac.webkit.org/changeset/46326