For the JSC binding for JavaScript IDL files, say, Base and Derived, where Derived derives from Base, the JSC binding generator generates the native-to-JS binding toJS(native object) for the base interface but not the derived interface. So "JSValue toJS(A*)" will be generated but not "JSValue toJS(B*)".

With IndexedDB support, IDBAny is the wildcard interface that can be many things, like IDBRequest, IDBIndex, IDBCursor, IDBCursorWithValue. toJS(IDBAny*) generates the corresponding JSValue according to the real data it holds.

    case IDBAny::IDBCursorType:
        return toJS(exec, globalObject, idbAny->idbCursor());
    case IDBAny::IDBCursorWithValueType:
        return toJS(exec, globalObject, idbAny->idbCursorWithValue());

This actually generates IDBCursor objects for both, because there's no toJS(exec, globalObject, IDBCursorWithValue*) generated by the code generator, because the IDBCursorWithValue interface is derived from the IDBCursor interface. So when the IDBCursor JSObject is generated for IDBCursorWithValue, it can't access the attributes (the value) held by the actual IDBCursorWithValue object.
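The overload resolution described in the report above, as an added example that is not part of the original report or of the WebKit patch. `Cursor`, `CursorWithValue`, `Any` and `Wrapper` are constructed stand-ins for the real classes, and the derived overload in `with_derived` is an assumed remedy, not necessarily what the committed change does.

```cpp
#include <iostream>
#include <string>

// Constructed stand-ins for the native classes named in the report.
struct Cursor { virtual ~Cursor() = default; };
struct CursorWithValue : Cursor { std::string value = "payload"; };

// Constructed stand-in for a JS wrapper: records which wrapper class was built.
struct Wrapper { std::string className; bool exposesValue; };

// Constructed stand-in for IDBAny: a tagged holder with typed pointers.
struct Any {
    enum Type { CursorType, CursorWithValueType } type;
    Cursor* cursor;
    CursorWithValue* cursorWithValue;
};

namespace base_only {
// Only the base-interface overload exists, as the report describes.
Wrapper toJS(Cursor*) { return {"IDBCursor", false}; }
Wrapper toJS(Any* any) {
    switch (any->type) {
    case Any::CursorType: return toJS(any->cursor);
    // CursorWithValue* converts implicitly to Cursor*, so this compiles
    // without a diagnostic and builds the base wrapper.
    case Any::CursorWithValueType: return toJS(any->cursorWithValue);
    }
    return {"", false};
}
}

namespace with_derived {
Wrapper toJS(Cursor*) { return {"IDBCursor", false}; }
// Assumed addition: an exact-match overload for the derived type.
Wrapper toJS(CursorWithValue*) { return {"IDBCursorWithValue", true}; }
Wrapper toJS(Any* any) {
    switch (any->type) {
    case Any::CursorType: return toJS(any->cursor);
    case Any::CursorWithValueType: return toJS(any->cursorWithValue);
    }
    return {"", false};
}
}

Wrapper wrapBaseOnly(CursorWithValue& c) { Any a{Any::CursorWithValueType, nullptr, &c}; return base_only::toJS(&a); }
Wrapper wrapWithDerived(CursorWithValue& c) { Any a{Any::CursorWithValueType, nullptr, &c}; return with_derived::toJS(&a); }

int main() {
    CursorWithValue c;
    std::cout << wrapBaseOnly(c).className << " vs " << wrapWithDerived(c).className << "\n";
}
```

The same call site selects a different wrapper depending only on which overloads are visible, which is why the missing derived overload produces no compile-time error.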
Created attachment 145183
Patch

Comment on attachment 145183
Patch

Clearing flags on attachment: 145183

Committed r119561: <http://trac.webkit.org/changeset/119561>
All reviewed patches have been landed. Closing bug.
Moving all JavaScriptGlue bugs to JavaScriptCore. The JavaScriptGlue framework itself is long gone. And most of the more recent bugs put in this component were put there by people who thought this was for some other aspect of “JavaScript glue” and have nothing to do with the actual original reason for the existence of this component, which was an OS-X-only framework named JavaScriptGlue.