Bug 152294 - Web Inspector: Parse InjectedScriptSource as a built-in to get guaranteed non-user-overridden built-ins
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Joseph Pecoraro
URL:
Keywords: InRadar
Duplicates: 154403
Depends on:
Blocks:
 
Reported: 2015-12-14 21:35 PST by Joseph Pecoraro
Modified: 2017-05-09 16:35 PDT

Description Joseph Pecoraro 2015-12-14 21:35:35 PST
* SUMMARY
Parse InjectedScriptSource as a built-in to get guaranteed non-user-overridden built-ins.

During debugging, InjectedScriptSource.js gets evaluated in the main context of each page / JSGlobalContext. Because of this, it must be careful to avoid user-overridable functions that may not behave as expected.

For example, it cannot just use `Object`, because that is `global.Object` and can be overridden by the page to do whatever it wants, like `global.Object = function() { throw "Error"; }`.

There are many functions which we cannot "avoid" using, but cannot guarantee that they aren't overridden by the user.

    Object, Array, String
    Object.getOwnPropertyNames
    Object.getOwnPropertyDescriptor
    Object.getOwnPropertySymbols
    Object.prototype.hasOwnProperty
    Object.prototype.__defineGetter__
    Function.prototype.call
    Element.prototype.hasAttribute

There are plenty we could re-implement ourselves, but would mostly be a waste:

    Set
    String.prototype.trim
    String.prototype.replace

Instead, we should just use the built-in logic in which case we can guarantee we are using the built-in versions of these:

    @Set
    @Object.@getOwnPropertySymbols
    ...

It might get a bit tricky as we move to WebCore accessors (Element.prototype.hasAttribute), but we can fix the majority of brittle code here by using builtins.

* TEST
<script>
window.Set = function() { throw "Error"; }
</script>

* STEPS TO REPRODUCE
1. Inspect test page
2. js> window
3. Expand window object in the console
  => ASSERT in debug builds, No properties in Release builds
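
The failure in the TEST above and the capture-before-use idea behind the proposal, sketched in plain JavaScript as an added example (not WebKit code and not part of the original report). All names are hypothetical, and capturing references at load time stands in for what the engine guarantees with `@`-prefixed built-in names.

```javascript
// Added illustration. primordials, brittlePropertyNames, robustPropertyNames,
// withHostilePage and sampleObject are hypothetical names, not WebKit code.
const uncurry = (method) => Function.prototype.call.bind(method);

// Captured once at load, standing in for "before any page script runs".
const primordials = Object.freeze({
  Set: globalThis.Set,
  setHas: uncurry(Set.prototype.has),
  setAdd: uncurry(Set.prototype.add),
  getOwnPropertyNames: Object.getOwnPropertyNames,
  getPrototypeOf: Object.getPrototypeOf,
});

// Brittle: every global is looked up when the inspector calls the function,
// so whatever the page installed by then is what runs.
function brittlePropertyNames(object) {
  const seen = new Set();
  for (let o = object; o !== null; o = Object.getPrototypeOf(o))
    for (const name of Object.getOwnPropertyNames(o)) seen.add(name);
  return Array.from(seen);
}

// Robust: captured references only, index loops instead of the Array
// iterator, and direct stores instead of Array.prototype.push.
function robustPropertyNames(object) {
  const { Set, setHas, setAdd, getOwnPropertyNames, getPrototypeOf } = primordials;
  const seen = new Set();
  const names = [];
  for (let o = object; o !== null; o = getPrototypeOf(o)) {
    const own = getOwnPropertyNames(o);
    for (let i = 0; i < own.length; i++) {
      if (setHas(seen, own[i])) continue;
      setAdd(seen, own[i]);
      names[names.length] = own[i];
    }
  }
  return names;
}

// Runs fn while the override from the report's TEST section is in place.
function withHostilePage(fn) {
  const saved = globalThis.Set;
  globalThis.Set = function () { throw "Error"; };
  try { return fn(); } finally { globalThis.Set = saved; }
}

// Constructed sample: own properties b and c, inherited a and b.
function sampleObject() {
  const proto = Object.create(null); proto.a = 1; proto.b = 2;
  const object = Object.create(proto); object.b = 3; object.c = 4;
  return object;
}
```

With the override active, `brittlePropertyNames` throws the page's `"Error"` while `robustPropertyNames` still returns the deduplicated names.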
Comment 1 Radar WebKit Bug Importer 2015-12-14 21:36:08 PST
<rdar://problem/23895760>
Comment 2 BJ Burg 2015-12-15 09:07:21 PST
This would be awesome. Are you going to put up a patch?
Comment 3 Timothy Hatcher 2016-02-18 12:27:23 PST
*** Bug 154403 has been marked as a duplicate of this bug. ***