Bug 14611 - Incorrect JavaScript const declaration behaviour
: Incorrect JavaScript const declaration behaviour
Status: RESOLVED DUPLICATE of bug 31813
: WebKit
JavaScriptCore
: 523.x (Safari 3)
: Macintosh Mac OS X 10.4
: P2 Normal
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2007-07-13 12:01 PST by
Modified: 2012-03-07 00:31 PST (History)


Attachments
Test case (107 bytes, text/html)
2007-07-13 12:04 PST, Cameron Zwarich (cpst)
no flags Details
testcase that also tests deleting a const (1.11 KB, text/html)
2009-04-25 16:09 PST, Eli Grey (:sephr)
no flags Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-07-13 12:01:47 PST
When I was fixing the patch for bug 13517 so that it would past fast/js/const, I realized that const is currently handled incorrectly.

A variable that is declared with either a var declaration or a const declaration can be redeclared (and given a new value) with const, which is against  <http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Statements:const>.
------- Comment #1 From 2007-07-13 12:04:42 PST -------
Created an attachment (id=15503) [details]
Test case

Here is a test case.

I have a pretty good idea of a patch, but it depends on the fix for bug 13517, so I will wait until that is resolved.
------- Comment #2 From 2007-07-14 16:01:20 PST -------
Confirmed with a local debug build of WebKit r24285 with Safari 3.0 (522.12) on Mac OS X 10.4.10 (8R218).

Opera 9.21.3678 fails as well.
------- Comment #3 From 2008-05-22 11:10:37 PST -------
*** Bug 19194 has been marked as a duplicate of this bug. ***
------- Comment #4 From 2008-10-16 19:59:26 PST -------
*** Bug 21700 has been marked as a duplicate of this bug. ***
------- Comment #5 From 2009-04-25 16:07:53 PST -------
consts can also be deleted. Which is against Mozilla's spec. Attempting to delete a const should return false and fail (not throwing any errors though).
------- Comment #6 From 2009-04-25 16:09:32 PST -------
Created an attachment (id=29789) [details]
testcase that also tests deleting a const
------- Comment #7 From 2009-04-25 16:17:41 PST -------
Oh yeah, so much is wrong with our implementation of 'const'. In practice, it doesn't matter at all, because nothing depends on the correct behaviour. We should fix it some day, but I don't think it is a priority right now given the other bugs that are open.

If someone knows of a site that this breaks, mention it here and I'll try to fix it.
------- Comment #8 From 2009-04-25 16:37:02 PST -------
(In reply to comment #7)
IMO, it's pretty important if you want to make library that, if a site scumbs to an XSS flaw, the library reports a bug on itself on a page.
For example:
  const reportXSSFlawedPage = function() { do_some_stuff_with(location.href) };

In Firefox, the website will report an error to the admin so he can get the library fixed ASAP. In WebKit, the XSS attack knows about the "reportXSSFlawedPage" function, and overwrites it. The admin doesn't find out about the XSS flaw until quite a few users have been affected.
------- Comment #9 From 2009-08-17 09:31:25 PST -------
*** Bug 21701 has been marked as a duplicate of this bug. ***
------- Comment #10 From 2012-03-07 00:31:30 PST -------
Our const behavior currently doesn't respect any spec, and therefore can do whatever it wants. :-)

Our intention is to fix this by replacing our current implementation with one that implements Harmony block scoped const; this bug should be subsumed as a part of that change.

*** This bug has been marked as a duplicate of bug 31813 ***