Changeset 30871 in webkit for trunk/JavaScriptCore/kjs/nodes.h


Timestamp:
Mar 7, 2008, 11:46:33 AM (17 years ago)
Author:
[email protected]
Message:

JavaScriptCore:

Reviewed by Darin Adler.


Fixed <rdar://problem/5689093> Stricter (ES4) eval semantics


The basic rule is:


  • "eval(s)" is treated as an operator that gives the ES3 eval behavior.

... but only if there is no overriding declaration of "eval" in scope.

  • All other invocations treat eval as a function that evaluates a script in the context of its "this" object.

... but if its "this" object is not the global object it was
originally associated with, eval throws an exception.


Because only expressions of the form "eval(s)" have access to local
scope, the compiler can now statically determine whether a function
needs local scope to be dynamic.

  • kjs/nodes.h: Added FunctionCallEvalNode. It works just like FunctionCallResolveNode, except it statically indicates that the node may execute eval in the ES3 way.
  • kjs/nodes.cpp:
  • kjs/nodes2string.cpp:
  • tests/mozilla/expected.html: This patch happens to fix a Mozilla JS test, but it's a bit of a pyrrhic victory. The test intends to test Mozilla's generic API for calling eval on any object, but, in reality, we only support calling eval on the global object.

LayoutTests:

Reviewed by Darin Adler.

Tests for <rdar://problem/5689093> Stricter (ES4) eval semantics


  • fast/js/eval-cross-window-expected.txt: Added.
  • fast/js/eval-cross-window.html: Added.
  • fast/js/eval-keyword-vs-function-expected.txt: Added.
  • fast/js/eval-keyword-vs-function.html: Added.
  • fast/js/eval-overriding-expected.txt: Added.
  • fast/js/eval-overriding.html: Added.


Tests to make sure not to regress security:

  • http/tests/security/resources/xss-eval2.html: Added.
  • http/tests/security/resources/xss-eval3.html: Added.
  • http/tests/security/xss-eval-expected.txt: Added.
  • http/tests/security/xss-eval.html: Added.

I removed these tests because we no longer match the behavior they
expected, and the new tests are more comprehensive:


  • fast/js/window-eval-context-expected.txt: Removed.
  • fast/js/window-eval-context.html: Removed.
  • fast/js/window-eval-tearoff-expected.txt: Removed.
  • fast/js/window-eval-tearoff.html: Removed.
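
The split between "eval(s)" and every other way of invoking eval, shown as an added example that is not part of the changeset or of WebKit's tests. It runs on a current JavaScript engine, where the direct/indirect eval distinction follows the same basic rule; the cross-window exception case is not covered, and all function names and values are hypothetical.

```javascript
// Added example (not WebKit code). All values are constructed for the demo.
globalThis.secret = 'global';

// Form "eval(s)": the one call shape that can read the caller's locals.
function directCall() {
  const secret = 'local';
  return eval('secret');
}

// eval used as an ordinary function value: evaluated against the global object.
function aliasedCall() {
  const secret = 'local';
  const e = eval;
  return e('secret');
}

// Member call on the global object: also not the bare "eval(s)" form.
function memberCall() {
  const secret = 'local';
  return globalThis.eval('secret');
}

// An overriding declaration of "eval" in scope: the call is a plain function
// call to whatever "eval" is bound to. Built with Function() so the body is
// non-strict code, where a parameter may be named eval.
const shadowedCall = new Function(
  'eval',
  'var secret = "local"; return eval("secret");'
);

// Collect what each call shape observed for the name "secret".
function report() {
  return {
    direct: directCall(),
    aliased: aliasedCall(),
    member: memberCall(),
    shadowed: shadowedCall((s) => 'override saw: ' + s),
  };
}

console.log(report());
```

Only `directCall` exposes its local binding, which is why a function containing no bare `eval(...)` call can have its local scope resolved statically.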
File:
1 edited

  • trunk/JavaScriptCore/kjs/nodes.h

    r30109 r30871  
    4343namespace KJS {
    4444
     45    class ArgumentsNode;
    4546    class ConstDeclNode;
    4647    class FuncDeclNode;
     
    206207        // Used to optimize those nodes that do extra work when returning a result, even if the result has no semantic relevance
    207208        virtual void optimizeForUnnecessaryResult() { }
     209
     210    protected:
     211        typedef enum { EvalOperator, FunctionCall } CallerType;
     212        template <CallerType> inline JSValue* resolveAndCall(ExecState*, const Identifier&, ArgumentsNode*);
    208213    };
    209214
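Review bot: The protected declarations added at lines 211-212 carry no comment saying what distinguishes EvalOperator from FunctionCall, and per the commit message that distinction decides whether the evaluated script gets access to local scope. A one-line comment on CallerType stating which value gives the ES3 local-scope behavior would make callers of resolveAndCall easier to review. Separately, `typedef enum { EvalOperator, FunctionCall } CallerType;` is the C idiom; in C++ `enum CallerType { EvalOperator, FunctionCall };` is sufficient.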
     
    681686    };
    682687
     688    class EvalFunctionCallNode : public ExpressionNode {
     689    public:
     690        EvalFunctionCallNode(ArgumentsNode* args) KJS_FAST_CALL
     691            : m_args(args)
     692        {
     693        }
     694
     695        virtual void optimizeVariableAccess(const SymbolTable&, const LocalStorage&, NodeStack&) KJS_FAST_CALL;
     696        virtual JSValue* evaluate(ExecState*) KJS_FAST_CALL;
     697        virtual void streamTo(SourceStream&) const KJS_FAST_CALL;
     698        virtual Precedence precedence() const { return PrecCall; }
     699
     700    private:
     701        RefPtr<ArgumentsNode> m_args;
     702    };
     703
    683704    class FunctionCallValueNode : public ExpressionNode {
    684705    public:
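Review bot: The class added at line 688 is named EvalFunctionCallNode, while the commit message says the change adds FunctionCallEvalNode; one of the two should be corrected so the ChangeLog can be searched against the code. The single-argument constructor at line 690 could also be marked explicit to rule out implicit conversion from ArgumentsNode*, and a short comment above the class stating that this is the node that may execute eval in the ES3 way would carry the ChangeLog's explanation into the header.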