Bug 48953 - REGRESSION: Can't shadow/overwrite window.constructor (causes TypeError exception)
Summary: REGRESSION: Can't shadow/overwrite window.constructor (causes TypeError excep...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.6
: P1 Major
Assignee: Michael Saboff
URL:
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2010-11-03 14:13 PDT by Matt Cooper
Modified: 2011-03-22 16:22 PDT (History)
5 users (show)

See Also:

Attachments
This attachment is simply an html test page that houses the code that throws the unexpected TypeError in WebKit nightly only (1.06 KB, text/html)
2010-11-03 14:14 PDT, Matt Cooper 		no flags Details
Patch to allow setting window.constructor. (9.68 KB, patch)
2010-12-22 16:29 PST, Michael Saboff 		no flags Details | Formatted Diff | Diff
Updated patch with whitespace fixes. (9.53 KB, patch)
2010-12-22 16:45 PST, Michael Saboff 		sam: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Cooper 2010-11-03 14:13:28 PDT 
In the latest WebKit nightly, I am seeing an unexpected error message:

TypeError: Result of expression 'TestSample' [[object DOMWindowConstructor]] is not a constructor.

for code that works just fine in Apple Safari 5.0.2, Google Chrome 7.0.517.41, and Firefox 3.6.11.

----

var constructor = new Function("id", "desc", "this.id = id; this.description = desc;");
constructor.prototype.setDescription = function(desc){this.description = desc};
constructor.prototype.getDescription = function(){return this.description};

// Changing the order of the following 2 lines does not make a difference:
window["TestSample"] = constructor;
constructor.getInstanceFromFactory = function (id, desc){return new TestSample(id, desc);};

var sample = TestSample.getInstanceFromFactory("hello","success if you see this");
alert(sample.getDescription());

----

Expected result is that you see an alert with the text "success if you see this" but in WebKit nightly, the above JavaScript TypeError is logged in the JavaScript console instead.
Comment 1 Matt Cooper 2010-11-03 14:14:30 PDT 
Created attachment 72868 [details]
This attachment is simply an html test page that houses the code that throws the unexpected TypeError in WebKit nightly only
Comment 2 Matt Cooper 2010-12-20 13:29:27 PST 
This issue is still reproducing over a month later in r74228 (today's latest nightly).

I also see the problem manifest on pages like this one:
http://jdevadf.oracle.com/adf-richclient-demo/faces/index.jspx
Comment 3 Alexey Proskuryakov 2010-12-20 13:32:37 PST 
<rdar://problem/8790587>
Comment 4 Geoffrey Garen 2010-12-20 14:46:27 PST 
The bug here is that window.constructor (a property that exists on all objects by default) can't be shadowed / overwritten.
Comment 5 Geoffrey Garen 2010-12-20 14:48:08 PST 
I believe this may have been caused by Michael's recent change to the DOMWindow constructor object.
Comment 6 Michael Saboff 2010-12-20 16:45:32 PST 
It appears that this was caused with change set <http://trac.webkit.org/changeset/69553>, the change to https://bugs.webkit.org/show_bug.cgi?id=47422  "DOMWindow constructor directly callable".
Comment 7 Michael Saboff 2010-12-22 16:29:15 PST 
Created attachment 77274 [details]
Patch to allow setting window.constructor.

Added a new extended attribute to the JavaScript code generator called ReplaceableConstructor that will generate a setJS<class>Constructor() method.  Added this attribute to the DOMWindow interface.
Updated a test and added a new regression test.
Comment 8 Michael Saboff 2010-12-22 16:45:02 PST 
Created attachment 77277 [details]
Updated patch with whitespace fixes.
Comment 9 Michael Saboff 2010-12-23 09:44:36 PST 
Committed revision http://trac.webkit.org/changeset/74537
Comment 10 Matt Cooper 2011-03-22 16:22:22 PDT 
Note that while this bug was fixed in WebKit, the issue still manifests in the mobile version of Safari on iOS 4.3.