28752 – this in JSON.parse reviver is the global object

Bug 28752 - this in JSON.parse reviver is the global object

Summary: this in JSON.parse reviver is the global object

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	Nobody

URL:	http://lucassmith.name/pub/browser_bu...
Keywords:

Depends on:
Blocks:

Reported:	2009-08-26 15:40 PDT by Luke Smith
Modified:	2009-08-27 16:01 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch v1 (18.37 KB, patch) 2009-08-26 23:33 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Patch v1 (24.36 KB, patch) 2009-08-27 00:59 PDT, Oliver Hunt	barraclough: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke Smith 2009-08-26 15:40:38 PDT

ES 5 spec states that the Walk abstract function calls the reviver function's [[Call]] "passing holder as the this value"

Currently WebKit's JSON.parse implementation passes the global object as this.

Aside from the spec violation, this also prevents the reviver from creating additional properties on the object or referencing other properties of the current object for value determination during parse.  Any new properties created are added to the global object.

I noted this while reviewing my YUI examples for the JSON Utility (which defers to native implementations if present).
http://developer.yahoo.com/yui/examples/json/json_convert_values.html

Note: The page behaves correctly because it is either (if viewed before 9/2/09) using version 2.7.0 which is not leveraging native behavior , or it is (if viewed after 9/2/09) using version 2.8.0 and is configured NOT to use native behavior specifically because of this bug.

Comment 1 Oliver Hunt 2009-08-26 23:33:35 PDT

Created attachment 38658 [details]
Patch v1

Comment 2 Oliver Hunt 2009-08-26 23:48:54 PDT

Comment on attachment 38658 [details]
Patch v1

Sam mentioned some issues, and i realised there's an entire class of bug i had failed to notice.

Comment 3 Oliver Hunt 2009-08-27 00:59:24 PDT

Created attachment 38661 [details]
Patch v1

Comment 4 Gavin Barraclough 2009-08-27 01:37:00 PDT

Comment on attachment 38661 [details]
Patch v1

R+ with exception throw change from IRC.

Comment 5 Oliver Hunt 2009-08-27 01:39:58 PDT

Committed r47812

Comment 6 Mark Rowe (bdash) 2009-08-27 15:54:49 PDT

Should this now be closed?