RESOLVED FIXED Bug 27566
x-frame constructor calls are instantiated with the wrong prototype chain 
https://bugs.webkit.org/show_bug.cgi?id=27566
Summary x-frame constructor calls are instantiated with the wrong prototype chain
Eric Seidel (no email)
Reported 2009-07-22 14:55:48 PDT
x-frame constructor calls are instantiated with the wrong prototype chain This is kinda far out there, but I was in this area of code, so I wrote a test which shows we're wrong: Make sure prototypes are set up using the window a property came from, instead of the lexical global object. On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". FAIL (new inner.WebKitCSSMatrix).isInner should be true. Was false. FAIL (new inner.WebKitCSSMatrix).constructor.isInner should be true. Was false. FAIL (new inner.WebKitPoint).isInner should be true. Was false. FAIL (new inner.WebKitPoint).constructor.isInner should be true. Was false. FAIL (new inner.DOMParser).isInner should be true. Was false. FAIL (new inner.DOMParser).constructor.isInner should be true. Was false. FAIL (new inner.Option).isInner should be true. Was false. FAIL (new inner.Option).constructor.isInner should be true. Was false. FAIL (new inner.Audio).isInner should be true. Was false. FAIL (new inner.Audio).constructor.isInner should be true. Was false. FAIL (new inner.XPathEvaluator).isInner should be true. Was false. FAIL (new inner.XPathEvaluator).constructor.isInner should be true. Was false. FAIL (new inner.Image).isInner should be true. Was false. FAIL (new inner.Image).constructor.isInner should be true. Was false. FAIL (new inner.XMLSerializer).isInner should be true. Was false. FAIL (new inner.XMLSerializer).constructor.isInner should be true. Was false. FAIL (new inner.XMLHttpRequest).isInner should be true. Was false. FAIL (new inner.XMLHttpRequest).constructor.isInner should be true. Was false. PASS successfullyParsed is true TEST COMPLETE
Attachments
test case (needs HTML wrapper to run) (1.30 KB, application/x-javascript)
2009-07-22 14:58 PDT, Eric Seidel (no email) 		no flags
Details
patch (5.36 KB, patch)
2009-07-24 00:33 PDT, Eric Seidel (no email) 		abarth: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Eric Seidel (no email)
Comment 1 2009-07-22 14:58:49 PDT
Created attachment 33295 [details] test case (needs HTML wrapper to run)
Eric Seidel (no email)
Comment 2 2009-07-22 16:30:00 PDT
Btw, this test doesn't work in other browsers, because other browsers do not expose Constructor objects on the window as enumerable.
Eric Seidel (no email)
Comment 3 2009-07-24 00:27:15 PDT
I'm about to fix this with the patch on bug 27634! I'm going to use this patch for landing the FAILing test and I'll use bug 27634 to track landing the actual fixes.
Eric Seidel (no email)
Comment 4 2009-07-24 00:33:12 PDT
Created attachment 33411 [details] patch
Adam Barth
Comment 5 2009-07-24 00:38:26 PDT
Comment on attachment 33411 [details] patch Yay for more failing tests.
Eric Seidel (no email)
Comment 6 2009-07-24 00:42:17 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog A LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt A LayoutTests/fast/dom/constructed-objects-prototypes.html A LayoutTests/fast/dom/resources/constructed-objects-prototypes.js Committed r46326 M WebCore/ChangeLog M WebCore/page/DOMTimer.h M WebCore/page/DOMTimer.cpp r46324 = 9cec98c311e2b51ec3728e982846911095605505 (trunk) M WebKit/win/WebDownload.h M WebKit/win/ChangeLog M WebKit/win/DefaultDownloadDelegate.h M WebKit/win/WebMutableURLRequest.cpp M WebCore/ChangeLog M WebCore/platform/graphics/win/SimpleFontDataWin.cpp r46325 = eb9e6956d58e229a058170dcf18af388dbc0843c (trunk) M LayoutTests/ChangeLog A LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt A LayoutTests/fast/dom/resources/constructed-objects-prototypes.js A LayoutTests/fast/dom/constructed-objects-prototypes.html r46326 = 87f7406b26147c714b00dca7949667aa653501a6 (trunk) First, rewinding head to replay your work on top of it... Nothing to do. http://trac.webkit.org/changeset/46326
Note You need to log in before you can comment on or make changes to this bug.