There's an unexpected behavior in Safari 11.1 after retrieving data from indexedDB inside an iframe: the values cannot be properly checked against constructors with instanceof.

Pseudo code run in an iframe:

    // Store this record in indexedDB
    const record = { array: [1, 2, 3] };

    // Same record retrieved later from indexedDB:
    const record = event.target.result;
    record.array instanceof Array; // expected true but false in Safari 11.1
    record.array instanceof window.parent.Array; // expected false but true in Safari 11.1

Tested on Safari Version 11.1 (13605.1.33.1.4) on macOS High Sierra 10.13.4.

The issue also occurs for Uint8Array, a.s.o. and probably all "constructed" types.

A lot of libraries and home-made code rely on instanceof to work as expected on values retrieved from indexedDB in an iframe.

Full test case: https://gist.github.com/maximerety/92431f6f4cc9ea8f684de8c124469995

Related issue: https://github.com/feross/buffer/issues/166
Created attachment 341118 [details]
Minimal test case

I have attached a minimal test case that demonstrates the issue.

Note: You cannot run this from a file:// URL, as those cannot create IndexedDB databases. I believe Safari also restricts IndexedDB databases in private browsing mode, so it must be a regular browser window.

Expected output (in console) (you see this output in Chrome and Firefox):

    Testing in main context!
    result.array instanceof Array: true
    result.array instanceof window.top.Array: true
    Array.isArray(result.array): true
    result.arrayBuffer instanceof ArrayBuffer: true
    result.arrayBuffer instanceof window.top.ArrayBuffer: true
    Testing in iframe context!
    result.array instanceof Array: true
    result.array instanceof window.top.Array: false
    Array.isArray(result.array): true
    result.arrayBuffer instanceof ArrayBuffer: true
    result.arrayBuffer instanceof window.top.ArrayBuffer: false
    test complete.

Actual output:

    [Log] Testing in main context! (idb_bug.html, line 36)
    [Log] result.array instanceof Array: true (idb_bug.html, line 23)
    [Log] result.array instanceof window.top.Array: true (idb_bug.html, line 24)
    [Log] Array.isArray(result.array): true (idb_bug.html, line 25)
    [Log] result.arrayBuffer instanceof ArrayBuffer: true (idb_bug.html, line 26)
    [Log] result.arrayBuffer instanceof window.top.ArrayBuffer: true (idb_bug.html, line 27)
    [Log] Testing in iframe context! (about:srcdoc, line 30)
    [Log] result.array instanceof Array: false (about:srcdoc, line 19)
    [Log] result.array instanceof window.top.Array: true (about:srcdoc, line 20)
    [Log] Array.isArray(result.array): true (about:srcdoc, line 21)
    [Log] result.arrayBuffer instanceof ArrayBuffer: false (about:srcdoc, line 22)
    [Log] result.arrayBuffer instanceof window.top.ArrayBuffer: true (about:srcdoc, line 23)
    [Log] test complete. (about:srcdoc, line 30)
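Added example, not part of the bug report or the attached test case: type checks that do not depend on which realm created a value, which is why `Array.isArray` stays `true` in both outputs above while `instanceof` flips. It assumes Node.js, with `vm.runInNewContext` standing in for the iframe; `isArrayBuffer`, `typedArrayKind`, `describeRecord` and the sample records are hypothetical names and constructed data.

```javascript
// Added example: Node's vm module stands in for the iframe (a second realm).
const vm = require('node:vm');

// Brand-checking getters read internal slots, so they do not depend on which
// realm's prototype a value carries and ignore a spoofed Symbol.toStringTag.
const bufferByteLength =
  Object.getOwnPropertyDescriptor(ArrayBuffer.prototype, 'byteLength').get;
const typedArrayName = Object.getOwnPropertyDescriptor(
  Object.getPrototypeOf(Uint8Array.prototype), Symbol.toStringTag).get;

function isArrayBuffer(value) {
  try {
    bufferByteLength.call(value); // TypeError unless value is an ArrayBuffer
    return true;
  } catch {
    return false;
  }
}

// Returns e.g. "Uint8Array" for a typed array from any realm, otherwise null.
function typedArrayKind(value) {
  return typedArrayName.call(value) ?? null;
}

// Runs the realm-dependent and realm-independent checks side by side.
function describeRecord(record) {
  return {
    instanceofArray: record.array instanceof Array,
    isArray: Array.isArray(record.array),
    instanceofArrayBuffer: record.arrayBuffer instanceof ArrayBuffer,
    isArrayBuffer: isArrayBuffer(record.arrayBuffer),
    bytesKind: typedArrayKind(record.bytes),
  };
}

// Constructed sample records: one built in this realm, one in another realm.
const localRecord = {
  array: [1, 2, 3], arrayBuffer: new ArrayBuffer(8), bytes: new Uint8Array(4),
};
const foreignRecord = vm.runInNewContext(
  '({ array: [1, 2, 3], arrayBuffer: new ArrayBuffer(8), bytes: new Uint8Array(4) })');

// Constructed look-alike: a plain object that only claims to be an ArrayBuffer.
const spoofed = { [Symbol.toStringTag]: 'ArrayBuffer', byteLength: 8 };

console.log('local  ', describeRecord(localRecord));
console.log('foreign', describeRecord(foreignRecord));
console.log('spoofed passes isArrayBuffer:', isArrayBuffer(spoofed));
```

Code that validates stored data before trusting it as binary input can use checks of this kind so the result does not change when the value's prototype chain comes from a different window.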
<rdar://problem/40583100>
Possibly a duplicate of https://bugs.webkit.org/show_bug.cgi?id=182097
Created attachment 355815 [details] Patch
Comment on attachment 355815 [details]
Patch

r=me
Comment on attachment 355815 [details]
Patch

Clearing flags on attachment: 355815

Committed r238676: <https://trac.webkit.org/changeset/238676>
All reviewed patches have been landed. Closing bug.
*** Bug 182097 has been marked as a duplicate of this bug. ***