Bug 48953

Summary: REGRESSION: Can't shadow/overwrite window.constructor (causes TypeError exception)
Product: WebKit Reporter: Matt Cooper <matt11ag-webkitbugs>
Component: JavaScriptCoreAssignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED    
Severity: Major CC: ap, ggaren, msaboff, oliver, sam
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.6   
Attachments:
Description Flags
This attachment is simply an html test page that houses the code that throws the unexpected TypeError in WebKit nightly only
none
Patch to allow setting window.constructor.
none
Updated patch with whitespace fixes. sam: review+

Matt Cooper
Reported 2010-11-03 14:13:28 PDT
In the latest WebKit nightly, I am seeing an unexpected error message: TypeError: Result of expression 'TestSample' [[object DOMWindowConstructor]] is not a constructor. for code that works just fine in Apple Safari 5.0.2, Google Chrome 7.0.517.41, and Firefox 3.6.11. ---- var constructor = new Function("id", "desc", "this.id = id; this.description = desc;"); constructor.prototype.setDescription = function(desc){this.description = desc}; constructor.prototype.getDescription = function(){return this.description}; // Changing the order of the following 2 lines does not make a difference: window["TestSample"] = constructor; constructor.getInstanceFromFactory = function (id, desc){return new TestSample(id, desc);}; var sample = TestSample.getInstanceFromFactory("hello","success if you see this"); alert(sample.getDescription()); ---- Expected result is that you see an alert with the text "success if you see this" but in WebKit nightly, the above JavaScript TypeError is logged in the JavaScript console instead.
Attachments
This attachment is simply an html test page that houses the code that throws the unexpected TypeError in WebKit nightly only (1.06 KB, text/html)
2010-11-03 14:14 PDT, Matt Cooper 		no flags
Details
Patch to allow setting window.constructor. (9.68 KB, patch)
2010-12-22 16:29 PST, Michael Saboff 		no flags
DetailsFormatted DiffDiff
Updated patch with whitespace fixes. (9.53 KB, patch)
2010-12-22 16:45 PST, Michael Saboff 		sam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Matt Cooper
Comment 1 2010-11-03 14:14:30 PDT
Created attachment 72868 [details] This attachment is simply an html test page that houses the code that throws the unexpected TypeError in WebKit nightly only
Matt Cooper
Comment 2 2010-12-20 13:29:27 PST
This issue is still reproducing over a month later in r74228 (today's latest nightly). I also see the problem manifest on pages like this one: http://jdevadf.oracle.com/adf-richclient-demo/faces/index.jspx
Alexey Proskuryakov
Comment 3 2010-12-20 13:32:37 PST
<rdar://problem/8790587>
Geoffrey Garen
Comment 4 2010-12-20 14:46:27 PST
The bug here is that window.constructor (a property that exists on all objects by default) can't be shadowed / overwritten.
Geoffrey Garen
Comment 5 2010-12-20 14:48:08 PST
I believe this may have been caused by Michael's recent change to the DOMWindow constructor object.
Michael Saboff
Comment 6 2010-12-20 16:45:32 PST
It appears that this was caused with change set <http://trac.webkit.org/changeset/69553>, the change to https://bugs.webkit.org/show_bug.cgi?id=47422 "DOMWindow constructor directly callable".
Michael Saboff
Comment 7 2010-12-22 16:29:15 PST
Created attachment 77274 [details] Patch to allow setting window.constructor. Added a new extended attribute to the JavaScript code generator called ReplaceableConstructor that will generate a setJS<class>Constructor() method. Added this attribute to the DOMWindow interface. Updated a test and added a new regression test.
Michael Saboff
Comment 8 2010-12-22 16:45:02 PST
Created attachment 77277 [details] Updated patch with whitespace fixes.
Michael Saboff
Comment 9 2010-12-23 09:44:36 PST
Committed revision http://trac.webkit.org/changeset/74537
Matt Cooper
Comment 10 2011-03-22 16:22:22 PDT
Note that while this bug was fixed in WebKit, the issue still manifests in the mobile version of Safari on iOS 4.3.
Note You need to log in before you can comment on or make changes to this bug.