Changeset 171543 in webkit for trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

Timestamp:

Jul 24, 2014, 3:56:05 PM (11 years ago)

Author:

[email protected]

Message:

Creating a JSGlobalObject with a custom JSClassRef results in a JSProxy with the wrong prototype
​https://bugs.webkit.org/show_bug.cgi?id=135250

Reviewed by Geoffrey Garen.

JSGlobalObject::resetPrototype (which is called from JSGlobalContextCreateInGroup) doesn't change its
JSProxy's prototype as well. This results in a JSProxy where no properties in the original prototype
chain (as created from the JSClassRef hierarchy) are accessible. Changing resetPrototype to also change
the JSProxy's prototype fixes the issue.

• API/JSValueRef.cpp:

(JSValueIsObjectOfClass): Also fixed a bug where a JSProxy for a JSGlobalObject with a custom JSClassRef
would claim it wasn't of the specified class, even if the target was of the specified class.

• API/tests/CustomGlobalObjectClassTest.c: Added.

(jsDoSomething):
(customGlobalObjectClassTest):

• API/tests/CustomGlobalObjectClassTest.h: Added.
• API/tests/testapi.c:

(assertTrue):
(main):

• JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
• JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::resetPrototype):

File:

• trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -624 +624 @@
     if (oldLastInPrototypeChain != objectPrototype)
         oldLastInPrototypeChain->setPrototype(vm, objectPrototype);
+
+    // Whenever we change the prototype of the global object, we need to create a new JSProxy with the correct prototype.
+    setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, prototype, PureForwardingProxyType), this));
 }