Bug 167681 - REGRESSION(r205136): {}.toString.call(crossOriginWindow) should not throw
Summary: REGRESSION(r205136): {}.toString.call(crossOriginWindow) should not throw
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar, WebExposed
Depends on:
Blocks: 167701
  Show dependency treegraph
 
Reported: 2017-01-31 19:20 PST by Chris Dumez
Modified: 2017-02-01 12:25 PST (History)
7 users (show)

See Also:

Attachments
Patch (11.21 KB, patch)
2017-02-01 10:56 PST, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (11.37 KB, patch)
2017-02-01 11:48 PST, Chris Dumez 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2017-01-31 19:20:27 PST 
{}.toString.call(crossOriginWindow) should not throw.

Firefox and Chrome do not throw but WebKit ToT does (this may be a recent regression).

Test cases:
- http://w3c-test.org/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
- http://stuff.schub.io/mozilla/testcases/1321299/
Comment 1 Radar WebKit Bug Importer 2017-01-31 19:20:59 PST 
<rdar://problem/30301117>
Comment 2 Ryosuke Niwa 2017-02-01 01:14:22 PST 
This is indeed a regression from http://trac.webkit.org/changeset/205136.
Comment 3 Chris Dumez 2017-02-01 09:54:21 PST 
From https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-)
"""
If P is @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }.
"""

I think this is the part we are missing.
Comment 4 Chris Dumez 2017-02-01 10:56:44 PST 
Created attachment 300338 [details]
Patch
Comment 5 Mark Lam 2017-02-01 11:07:40 PST 
Comment on attachment 300338 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300338&action=review

r=me with comment.

> LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:24
> -FAIL {}.toString.call() does the right thing on cross-origin objects Blocked a frame with origin "http://localhost:8800" from accessing a frame with origin "http://127.0.0.1:8800". Protocols, domains, and ports must match.
> +FAIL {}.toString.call() does the right thing on cross-origin objects assert_equals: expected "[object Object]" but got "[object Window]"

Can you fix the test to expect the correct thing?
Comment 6 Chris Dumez 2017-02-01 11:41:06 PST 
(In reply to comment #5)
> Comment on attachment 300338 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=300338&action=review
> 
> r=me with comment.
> 
> > LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:24
> > -FAIL {}.toString.call() does the right thing on cross-origin objects Blocked a frame with origin "http://localhost:8800" from accessing a frame with origin "http://127.0.0.1:8800". Protocols, domains, and ports must match.
> > +FAIL {}.toString.call() does the right thing on cross-origin objects assert_equals: expected "[object Object]" but got "[object Window]"
> 
> Can you fix the test to expect the correct thing?

I think the test is correct. We are supposed to return "[object Object]" but we report "[object Window]".
Comment 7 Chris Dumez 2017-02-01 11:48:43 PST 
Created attachment 300343 [details]
Patch
Comment 8 WebKit Commit Bot 2017-02-01 12:14:30 PST 
Comment on attachment 300343 [details]
Patch

Clearing flags on attachment: 300343

Committed r211504: <http://trac.webkit.org/changeset/211504>
Comment 9 WebKit Commit Bot 2017-02-01 12:14:36 PST 
All reviewed patches have been landed.  Closing bug.