See https://github.com/tc39/proposal-realms/issues/200#issuecomment-471254838 and the enclosing thread. The traps seen
* are surprising
* violate the spec
* differ from the behavior seen on chrome and firefox
* are currently blocking the realms shim from working on safari/jsc

Once we understand these bugs we can probably modify the realms shim to work and maintain security despite these bugs. But until we understand these bugs, we cannot be confident that even the current realms shim maintains security. We need to know how the with-on-a-proxy trapping behavior differs from the spec. Thanks.
There's some more detail here: https://github.com/tc39/proposal-realms/issues/200#issuecomment-472190359.

This is a minimal repro case:

    // Handler whose every property lookup throws, so any trap the engine
    // consults is reported by name.
    const alwaysThrowHandler = new Proxy(Object.freeze({}), {
      get(target, prop) {
        throw new Error(`unexpected scope handler trap called: ${prop}`)
      }
    })

    // Scope proxy: only `get` and `has` are implemented; every other trap
    // lookup falls through the prototype to alwaysThrowHandler.
    const proxy = new Proxy(Object.create(this), {
      __proto__: alwaysThrowHandler,
      get: (target, prop) => target[prop],
      has: (target, prop) => true,
    })

    with (proxy) eval(`(async () => {})()`)

This runs fine with V8 but throws "unexpected scope handler trap called: getPrototypeOf" in JSC. Putting a breakpoint on "ProxyObject::performGetPrototype" shows that it comes from "JSScope::resolve" being called with "newPromiseCapability", which I think is from the implementation of "let promiseCapability be @newPromiseCapability(@Promise)" in BytecodeGenerator.cpp.
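The repro above only throws; for regression-checking an engine it is more useful to also record which traps a `with`-scope proxy was actually asked for. The following is an added example, not code from the bug report or from the realms shim: `makeScopeProxy` and `evaluateWithScopeProxy` are hypothetical names, the scope object is constructed as `Object.create(globalThis)`, and `has` simply mirrors `in` (a real confinement scope would decide that differently). Any trap outside the allowed list throws, so an engine-internal lookup such as the `getPrototypeOf` seen in JSC surfaces as an error with the trap name, while the recorded list shows the expected `has`/`get` traffic. The `with` statement lives in a `Function`-constructor body because such bodies are sloppy mode even when the surrounding file is strict.

```javascript
// Added example (not from the bug report or the realms shim): evaluate code
// inside a `with` block whose scope object is a Proxy, and record every
// handler trap the engine looks up on the way.

function makeScopeProxy(allowedTraps = ['has', 'get']) {
  const target = Object.create(globalThis); // constructed scope object; inherits the real globals
  const seen = [];                          // [trapName, key] pairs the engine asked for

  const traps = {
    // Which free identifiers the scope claims: here, anything reachable on `target`.
    has(t, key) { seen.push(['has', String(key)]); return key in t; },
    get(t, key) { seen.push(['get', String(key)]); return t[key]; },
  };

  // The handler is itself a Proxy, so a trap we never implemented
  // (getPrototypeOf, ownKeys, ...) still reaches this `get` and is rejected
  // by name instead of being served from an ordinary object's prototype.
  const handler = new Proxy(Object.freeze({}), {
    get(_, trapName) {
      if (!allowedTraps.includes(trapName)) {
        throw new Error(`unexpected scope handler trap called: ${String(trapName)}`);
      }
      return traps[trapName];
    },
  });

  return { scope: new Proxy(target, handler), seen };
}

function evaluateWithScopeProxy(code, allowedTraps) {
  const { scope, seen } = makeScopeProxy(allowedTraps);
  // Function-constructor bodies are sloppy mode, so `with` is permitted here.
  // `eval` is resolved through the scope proxy (has/get traps) and remains a
  // direct eval, so `code` runs inside the `with` scope.
  const runner = new Function('scope', 'code', 'with (scope) { return eval(code); }');
  const result = runner(scope, code);
  return { result, seen };
}

// Same input as the repro in the thread; on V8 only has/get are recorded.
console.log(evaluateWithScopeProxy('(async () => {})()').seen);
```

The `seen` list on V8 contains the `has` probes for `eval` and `code`, the `get` of `Symbol.unscopables` that the `with` lookup performs, and the `get` of `eval`; an engine that consults a further trap during the evaluation throws instead, naming that trap.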
<rdar://problem/49392145>
See https://github.com/DimensionDev/realms-shim/commit/55963b0b26c92235123afb0a95c251e0f48fd59d#commitcomment-34258398 Does this workaround look safe? Should we do something narrower?
What is the status of this?
I think that the main issue was fixed at some point.

[Log] async function expression, uninvoked (test.html, line 27)
[Log] async function expression, invoked (test.html, line 35)
[Log] async function declaration and invocation (test.html, line 43)
[Log] trapped outer/has – "shouldExistInTrapScope does not exist" (test.html, line 9)
[Log] trapped inner/has – "shouldExistInTrapScope does not exist" (test.html, line 9)
[Log] accessing actual property of with-object (test.html, line 52)
[Log] trapped outer/has – "shouldExistInTrapScope does not exist" (test.html, line 9)
[Log] trapped outer/get – "shouldExistInTrapScope does not exist" (test.html, line 9)
[Log] trapped inner/get – "shouldExistInTrapScope does not exist" (test.html, line 9)
[Log] trapped outer/get – "shouldExistInTrapScope does not exist" (test.html, line 9)
> [Log] trapped outer/has – "shouldExistInTrapScope does not exist" (test.html, line 9)
> [Log] trapped inner/has – "shouldExistInTrapScope does not exist" (test.html, line 9)

They are because of function declaration scope.
Yes, this is fixed in Safari 13. Thanks! *** This bug has been marked as a duplicate of bug 200898 ***
(In reply to Yusuke Suzuki from comment #6)
> Yes, this is fixed in Safari 13. Thanks!
>
> *** This bug has been marked as a duplicate of bug 200898 ***

Ah, no, it is Safari 13.1 (April's release).
Yeah, I've checked deeply and ensured that this is fixed in last Safari release, thanks for your report!