Timestamp:
Jul 12, 2003, 9:01:36 AM (22 years ago)
Author:
darin
Message:

Reviewed by Dave.

  • fixed 3272777 -- array object indices treated as integers by Safari, but as strings in other web browsers

JavaScriptCore did not implement the proper rule for what an array index is.

  • kjs/array_object.cpp: (getArrayIndex): Added. Implements the rule from the specification, which also provides a handy "not an array index" value of 2^32-1. (ArrayInstanceImp::get): Use getArrayIndex. (ArrayInstanceImp::put): Ditto. (ArrayInstanceImp::hasProperty): Ditto. (ArrayInstanceImp::setLength): Ditto.
  • kjs/identifier.h: Removed now-unused toULong, and added toStrictUInt32, in both cases forwarding functions that forward to UString.
  • kjs/ustring.h: Added toStringUInt32.
  • kjs/ustring.cpp: (UString::toStrictUInt32): Added. Converts a string to a 32-bit unsigned integer, and rejects any string that does not exactly match the way the integer would be formatted on output. This is the rule documented in the ECMA language standard.
File:
1 edited

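--- a/trunk/JavaScriptCore/kjs/array_object.cpp
+++ b/trunk/JavaScriptCore/kjs/array_object.cpp
@@ -71,4 +71,19 @@
 }
 
+// Rule from ECMA 15.2 about what an array index is.
+// Must exactly match string form of an unsigned integer, and be less than 2^32 - 1.
+
+const unsigned maxUInt32 = 0xFFFFFFFFU;
+const unsigned notArrayIndex = maxUInt32;
+
+unsigned getArrayIndex(const Identifier &propertyName)
+{
+  bool ok;
+  unsigned index = propertyName.toStrictUInt32(&ok);
+  if (!ok || index >= maxUInt32)
+    return notArrayIndex;
+  return index;
+}
+
 Value ArrayInstanceImp::get(ExecState *exec, const Identifier &propertyName) const
 {
@@ -76,7 +91,6 @@
     return Number(length);
 
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     if (index >= length)
       return Undefined();
@@ -110,7 +124,6 @@
   }
 
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     put(exec, index, value, attr);
     return;
@@ -144,7 +157,6 @@
     return true;
 
-  bool ok;
-  unsigned index = propertyName.toULong(&ok);
-  if (ok) {
+  unsigned index = getArrayIndex(propertyName);
+  if (index != notArrayIndex) {
     if (index >= length)
       return false;
@@ -253,6 +265,6 @@
     while (it != sparseProperties.end()) {
       Reference ref = it++;
-      bool ok;
-      if (ref.getPropertyName(exec).toULong(&ok) > newLength) {
+      unsigned index = getArrayIndex(ref.getPropertyName(exec));
+      if (index != notArrayIndex && index > newLength) {
         ref.deleteValue(exec);
       }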
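Review bot: The truncation test in the last hunk, `index > newLength`, looks off by one: once the length becomes newLength the valid indices are 0 through newLength - 1, so a sparse property stored at exactly newLength appears to survive and would become visible again if the length is later raised. The comparison was carried over from the old line and the rest of setLength lies outside the hunk, so confirm nothing else removes that entry; if not, use `if (index != notArrayIndex && index >= newLength) {`. Separately, the comment above getArrayIndex cites ECMA 15.2, but the array-index rule is defined in section 15.4 (Array Objects); suggest `// Rule from ECMA 15.4 about what an array index is.`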