x-frame constructor calls are instantiated with the wrong prototype chain This is kinda far out there, but I was in this area of code, so I wrote a test which shows we're wrong: Make sure prototypes are set up using the window a property came from, instead of the lexical global object. On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". FAIL (new inner.WebKitCSSMatrix).isInner should be true. Was false. FAIL (new inner.WebKitCSSMatrix).constructor.isInner should be true. Was false. FAIL (new inner.WebKitPoint).isInner should be true. Was false. FAIL (new inner.WebKitPoint).constructor.isInner should be true. Was false. FAIL (new inner.DOMParser).isInner should be true. Was false. FAIL (new inner.DOMParser).constructor.isInner should be true. Was false. FAIL (new inner.Option).isInner should be true. Was false. FAIL (new inner.Option).constructor.isInner should be true. Was false. FAIL (new inner.Audio).isInner should be true. Was false. FAIL (new inner.Audio).constructor.isInner should be true. Was false. FAIL (new inner.XPathEvaluator).isInner should be true. Was false. FAIL (new inner.XPathEvaluator).constructor.isInner should be true. Was false. FAIL (new inner.Image).isInner should be true. Was false. FAIL (new inner.Image).constructor.isInner should be true. Was false. FAIL (new inner.XMLSerializer).isInner should be true. Was false. FAIL (new inner.XMLSerializer).constructor.isInner should be true. Was false. FAIL (new inner.XMLHttpRequest).isInner should be true. Was false. FAIL (new inner.XMLHttpRequest).constructor.isInner should be true. Was false. PASS successfullyParsed is true TEST COMPLETE
Created attachment 33295 [details] test case (needs HTML wrapper to run)
Btw, this test doesn't work in other browsers, because other browsers do not expose Constructor objects on the window as enumerable.
I'm about to fix this with the patch on bug 27634! I'm going to use this patch for landing the FAILing test and I'll use bug 27634 to track landing the actual fixes.
Created attachment 33411 [details] patch
Comment on attachment 33411 [details] patch Yay for more failing tests.
Committing to http://svn.webkit.org/repository/webkit/trunk ... M LayoutTests/ChangeLog A LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt A LayoutTests/fast/dom/constructed-objects-prototypes.html A LayoutTests/fast/dom/resources/constructed-objects-prototypes.js Committed r46326 M WebCore/ChangeLog M WebCore/page/DOMTimer.h M WebCore/page/DOMTimer.cpp r46324 = 9cec98c311e2b51ec3728e982846911095605505 (trunk) M WebKit/win/WebDownload.h M WebKit/win/ChangeLog M WebKit/win/DefaultDownloadDelegate.h M WebKit/win/WebMutableURLRequest.cpp M WebCore/ChangeLog M WebCore/platform/graphics/win/SimpleFontDataWin.cpp r46325 = eb9e6956d58e229a058170dcf18af388dbc0843c (trunk) M LayoutTests/ChangeLog A LayoutTests/fast/dom/constructed-objects-prototypes-expected.txt A LayoutTests/fast/dom/resources/constructed-objects-prototypes.js A LayoutTests/fast/dom/constructed-objects-prototypes.html r46326 = 87f7406b26147c714b00dca7949667aa653501a6 (trunk) First, rewinding head to replay your work on top of it... Nothing to do. http://trac.webkit.org/changeset/46326