Bug 14611 - Incorrect JavaScript const declaration behaviour
: Incorrect JavaScript const declaration behaviour
Status: RESOLVED DUPLICATE of bug 31813
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
: 523.x (Safari 3)
: Macintosh Mac OS X 10.4
: P2 Normal
Assigned To: Nobody
Depends on:
  Show dependency treegraph
Reported: 2007-07-13 12:01 PDT by Cameron Zwarich (cpst)
Modified: 2012-03-07 00:31 PST (History)
6 users (show)

See Also:

Test case (107 bytes, text/html)
2007-07-13 12:04 PDT, Cameron Zwarich (cpst)
no flags Details
testcase that also tests deleting a const (1.11 KB, text/html)
2009-04-25 16:09 PDT, Eli Grey (:sephr)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Cameron Zwarich (cpst) 2007-07-13 12:01:47 PDT
When I was fixing the patch for bug 13517 so that it would past fast/js/const, I realized that const is currently handled incorrectly.

A variable that is declared with either a var declaration or a const declaration can be redeclared (and given a new value) with const, which is against  <http://developer.mozilla.org/en/docs/Core_JavaScript_1.5_Reference:Statements:const>.
Comment 1 Cameron Zwarich (cpst) 2007-07-13 12:04:42 PDT
Created attachment 15503 [details]
Test case

Here is a test case.

I have a pretty good idea of a patch, but it depends on the fix for bug 13517, so I will wait until that is resolved.
Comment 2 David Kilzer (:ddkilzer) 2007-07-14 16:01:20 PDT
Confirmed with a local debug build of WebKit r24285 with Safari 3.0 (522.12) on Mac OS X 10.4.10 (8R218).

Opera 9.21.3678 fails as well.

Comment 3 Cameron Zwarich (cpst) 2008-05-22 11:10:37 PDT
*** Bug 19194 has been marked as a duplicate of this bug. ***
Comment 4 Cameron Zwarich (cpst) 2008-10-16 19:59:26 PDT
*** Bug 21700 has been marked as a duplicate of this bug. ***
Comment 5 Eli Grey (:sephr) 2009-04-25 16:07:53 PDT
consts can also be deleted. Which is against Mozilla's spec. Attempting to delete a const should return false and fail (not throwing any errors though).
Comment 6 Eli Grey (:sephr) 2009-04-25 16:09:32 PDT
Created attachment 29789 [details]
testcase that also tests deleting a const
Comment 7 Cameron Zwarich (cpst) 2009-04-25 16:17:41 PDT
Oh yeah, so much is wrong with our implementation of 'const'. In practice, it doesn't matter at all, because nothing depends on the correct behaviour. We should fix it some day, but I don't think it is a priority right now given the other bugs that are open.

If someone knows of a site that this breaks, mention it here and I'll try to fix it.
Comment 8 Eli Grey (:sephr) 2009-04-25 16:37:02 PDT
(In reply to comment #7)
IMO, it's pretty important if you want to make library that, if a site scumbs to an XSS flaw, the library reports a bug on itself on a page.
For example:
  const reportXSSFlawedPage = function() { do_some_stuff_with(location.href) };

In Firefox, the website will report an error to the admin so he can get the library fixed ASAP. In WebKit, the XSS attack knows about the "reportXSSFlawedPage" function, and overwrites it. The admin doesn't find out about the XSS flaw until quite a few users have been affected.
Comment 9 Eli Grey (:sephr) 2009-08-17 09:31:25 PDT
*** Bug 21701 has been marked as a duplicate of this bug. ***
Comment 10 Gavin Barraclough 2012-03-07 00:31:30 PST
Our const behavior currently doesn't respect any spec, and therefore can do whatever it wants. :-)

Our intention is to fix this by replacing our current implementation with one that implements Harmony block scoped const; this bug should be subsumed as a part of that change.

*** This bug has been marked as a duplicate of bug 31813 ***