What steps will reproduce the problem? 1. Open the JavaScript console (Ctrl-Shift-J) 2. Type "undefined = this" without the quotes 3. Type "undefined = 1" without the quotes Original Chromium bug: crbug.com/88414
It is not necessarily undefined=this; right hand side value may be any object with cyclic reference, so the steps could be changed to: 1. Open the JavaScript console (Ctrl-Shift-J) 2. Type "var x = {a:1}; x.self = x; undefined = x;" without the quotes 3. Type "unknownVar" without the quotes
Created attachment 100098 [details] Patch
Comment on attachment 100098 [details] Patch How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file?
Comment on attachment 100098 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=100098&action=review > Source/WebCore/inspector/InjectedScriptSource.js:456 > + // Avoid explicit assignment to undefined as its value can be overriden (see crbug.com/88414). ..overridden..
Committed r90614: <http://trac.webkit.org/changeset/90614>
(In reply to comment #3) > (From update of attachment 100098 [details]) > How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file? I don't see a good way to achieve this without affecting the application that decided to modify undefined value.
(In reply to comment #6) > (In reply to comment #3) > > (From update of attachment 100098 [details] [details]) > > How do we make sure undefined is not used? Declare "var trueUndefined" in the top of the file? > > I don't see a good way to achieve this without affecting the application that decided to modify undefined value. We could emulate worst-case conditions in all tests(override JSON object, undefined value and whatever we need).