source: webkit/trunk/JavaScriptCore/kjs/JSVariableObject.h@ 29428

Last change on this file since 29428 was 29428, checked in by [email protected], 17 years ago

JavaScriptCore:

Reviewed by Oliver Hunt.


Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
variable access (16644)


This bug was caused by var declarations shadowing built-in properties of
the global object.


To match Firefox, we've decided that var declarations will never shadow
built-in properties of the global object or its prototypes. We used to
behave more like IE, which allows shadowing, but walking that line got
us into trouble with websites that sent us down the Firefox codepath.

  • kjs/JSVariableObject.h: (KJS::JSVariableObject::symbolTableGet): New code to support calling hasProperty before the variable object is fully initialized (so you can call it during initialization).
  • kjs/nodes.cpp: (KJS::ProgramNode::initializeSymbolTable): Always do a full hasProperty check when looking for duplicates, not getDirect, since it only checks the property map, and not hasOwnProperty, since it doesn't check prototypes. (KJS::EvalNode::processDeclarations): ditto
  • kjs/property_slot.h: (KJS::PropertySlot::ungettableGetter): Best function name evar.

WebCore:

Reviewed by Oliver Hunt.


Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
variable access (16644)


Removed the ReadOnly bit from some properties, to match Firefox. Also
removed status-related setters, to allow using their names as variable
names.


  • bindings/scripts/CodeGeneratorJS.pm: Added support for properties that are one-way across domain boundaries, to match Firefox.
  • bindings/js/kjs_window.cpp: Changed ReadOnly declarations to match FF.
  • bindings/scripts/CodeGeneratorJS.pm: Don't use JSObject:: because we don't know that JSObject is our base class.
  • page/DOMWindow.idl: Replaced lots of readonly declarations with [Replaceable] declarations.
  • page/DOMWindow.h: Removed interfaces for setting status text via the DOM. (They were getting in the way of, e.g., "var status" declarations.) By default, IE 7 and FF disable these interfaces in order to defend against phishing attacks that try to spoof domain names in the statusbar.
  • page/DOMWindow.cpp:

LayoutTests:

Reviewed by Oliver Hunt.


Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
variable access (16644)


Added a test. Updated other tests to match new behavior.


  • fast/js/var-declarations-shadowing-expected.txt: Added.
  • fast/js/var-declarations-shadowing.html: Added.
  • fast/dom/HTMLScriptElement/script-load-events.html: Changed this test a bit because the original design made it hard to understand why it was failing.
  • fast/dom/HTMLScriptElement/script-load-events-expected.txt:


  • fast/dom/Window/get-set-properties.html: Changed this test to expect our new behavior, which matches Firefox.
  • fast/dom/Window/get-set-properties-expected.txt:
  • fast/dom/Window/window-property-shadowing.html: Removed some cases that differed from Firefox.
  • fast/dom/Window/window-property-shadowing-expected.txt:
  • http/tests/security/cross-frame-access-put-expected.txt: This test emits more "Unsafe JavaScript attempt" messages now because property sets that used to be prohibited (somewhat accidentally) by the ReadOnly attribute are now prohibited by security checks.
File size: 4.7 KB
/*
 * Copyright (C) 2007 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef JSVariableObject_h
#define JSVariableObject_h

#include "LocalStorage.h"
#include "SymbolTable.h"
#include "object.h"

namespace KJS {

    class JSVariableObject : public JSObject {
    public:
        SymbolTable& symbolTable() { return *d->symbolTable; }
        LocalStorage& localStorage() { return d->localStorage; }

        void saveSymbolTable(SymbolTable& s) const;
        void restoreSymbolTable(SymbolTable& s) const;

        void saveLocalStorage(SavedProperties& s) const;
        void restoreLocalStorage(SavedProperties& s) const;

        virtual bool deleteProperty(ExecState*, const Identifier&);
        virtual void getPropertyNames(ExecState*, PropertyNameArray&);

        virtual void mark();

    protected:
        // Subclasses of JSVariableObject can subclass this struct to add data
        // without increasing their own size (since there's a hard limit on the
        // size of a JSCell).
        struct JSVariableObjectData {
            JSVariableObjectData() { }

            JSVariableObjectData(SymbolTable* s)
                : symbolTable(s) // Subclass owns this pointer.
            {
            }

            LocalStorage localStorage; // Storage for variables in the symbol table.
            SymbolTable* symbolTable; // Maps name -> index in localStorage.

        };

        JSVariableObject() { }

        JSVariableObject(JSVariableObjectData* data)
            : d(data) // Subclass owns this pointer.
        {
        }

        JSVariableObject(JSValue* proto, JSVariableObjectData* data)
            : JSObject(proto)
            , d(data) // Subclass owns this pointer.
        {
        }

        bool symbolTableGet(const Identifier&, PropertySlot&);
        bool symbolTablePut(const Identifier&, JSValue*, int attr);

        JSVariableObjectData* d;
    };

    inline bool JSVariableObject::symbolTableGet(const Identifier& propertyName, PropertySlot& slot)
    {
        size_t index = symbolTable().get(propertyName.ustring().rep());
        if (index != missingSymbolMarker()) {
#ifndef NDEBUG
            // During initialization, the variable object needs to advertise that it has certain
            // properties, even if they're not ready for access yet. This check verifies that
            // no one tries to access such a property.

            // In a release build, we optimize this check away and just return an invalid pointer.
            // There's no harm in an invalid pointer, since no one dereferences it.
            if (index >= d->localStorage.size()) {
                slot.setUngettable(this);
                return true;
            }
#endif
            slot.setValueSlot(this, &d->localStorage[index].value);
            return true;
        }

        return false;
    }

    inline bool JSVariableObject::symbolTablePut(const Identifier& propertyName, JSValue* value, int attr)
    {
        size_t index = symbolTable().get(propertyName.ustring().rep());
        if (index != missingSymbolMarker()) {
            LocalStorageEntry& entry = d->localStorage[index];
            entry.value = value;
            entry.attributes = attr;
            return true;
        }

        return false;
    }

} // namespace KJS

#endif // JSVariableObject_h
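Added example, not part of the WebKit sources: a simplified model of the two behaviours this revision describes, the full hasProperty duplicate check for var declarations and a symbol-table lookup that can run before storage exists. ToyVariableObject, SlotState and declareVars are hypothetical names, and the bounds check here is unconditional rather than guarded by NDEBUG as in the header.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Simplified model: names are hypothetical unless borrowed from the header above.
enum class SlotState { Missing, Ungettable, Value };

struct ToyVariableObject {
    std::map<std::string, std::size_t> symbolTable; // name -> index in localStorage
    std::vector<int> localStorage;                  // sized only after declarations are processed
    std::map<std::string, int> propertyMap;         // ordinary own properties
    const ToyVariableObject* proto = nullptr;       // prototype chain

    // Bounds check kept in every build: declared-but-unallocated means Ungettable.
    SlotState symbolTableGet(const std::string& name, int** out) {
        auto it = symbolTable.find(name);
        if (it == symbolTable.end()) return SlotState::Missing;
        if (it->second >= localStorage.size()) return SlotState::Ungettable;
        *out = &localStorage[it->second];
        return SlotState::Value;
    }
    bool getDirect(const std::string& n) const { return propertyMap.count(n) != 0; }
    bool hasOwnProperty(const std::string& n) const { return symbolTable.count(n) != 0 || getDirect(n); }
    bool hasProperty(const std::string& n) const {
        for (const ToyVariableObject* o = this; o; o = o->proto)
            if (o->hasOwnProperty(n)) return true;
        return false;
    }
    // Returns the names that received a new variable slot.
    std::vector<std::string> declareVars(const std::vector<std::string>& names) {
        std::vector<std::string> added;
        for (const auto& n : names) {
            if (hasProperty(n)) continue;            // existing property wins, no shadowing
            std::size_t index = symbolTable.size();
            symbolTable.emplace(n, index);           // advertised before storage exists
            added.push_back(n);
        }
        localStorage.resize(symbolTable.size());     // storage becomes valid only here
        return added;
    }
};

int main() {
    ToyVariableObject proto, global;
    proto.propertyMap["toString"] = 0; global.proto = &proto; // constructed sample data
    return global.declareVars({"toString", "x", "x"}).size() == 1 ? 0 : 1;
}
```

In this model getDirect misses both the inherited toString and the already-declared x, which is why the duplicate check has to walk the symbol table, the property map and the prototype chain.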