Closed Bug 295151 Opened 19 years ago Closed 19 years ago

Is calling JS_ValueToString on content objects safe?

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: bzbarsky, Unassigned)

References

Details

I _think_ this is reasonably safe, but wasn't sure so wanted to file a bug. 
With the patch in bug 294957 we now call JS_ValueToString on the unwrapped JS
object if the XPCNativeWrapper's toString was overridden.  This could call
content-defined toString methods, I think... at least if I understand how this
works correctly.
I traced through this, and this seems to only use the class convert hook.  So
this should be safe.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.