Closed
Bug 1013576
Opened 11 years ago
Closed 11 years ago
Duplicate property holders created in the XBL scope when bindings are applied to multiple element types
Categories
(Core :: XBL, defect)
Tracking
()
RESOLVED
FIXED
mozilla32
People
(Reporter: bholley, Assigned: bholley)
References
Details
Attachments
(1 file)
|
8.00 KB,
patch
|
billm
:
review+
|
Details | Diff | Splinter Review |
Bill and I discovered this when crawling through the XBL code yesterday. I've got a patch with a large comment explaining the issue.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8425772 -
Flags: review?(wmccloskey)
|
|
Assignee | |
Comment 2•11 years ago
|
||
Comment on attachment 8425772 [details] [diff] [review]
Guard against duplicate property holder creation in XBL. v1
Review of attachment 8425772 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/xbl/nsXBLProtoImpl.cpp
@@ +96,5 @@
> + if (scopeObject != globalObject &&
> + !JS_GetOwnPropertyDescriptor(cx, scopeObject, className, &existingHolder)) {
> + return NS_ERROR_FAILURE;
> + }
> + bool propertyHolderIsNew = !existingHolder.object() || !existingHolder.value().isObject();
Could we be a little stronger here and assert that, if it exists, it's an object?
Attachment #8425772 -
Flags: review?(wmccloskey) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
(In reply to Bill McCloskey (:billm) from comment #3)
> Could we be a little stronger here and assert that, if it exists, it's an
> object?
I don't think we should assert against conditions that script could trigger. And in this case, XBL script could do just that.
|
|
Assignee | |
Comment 5•11 years ago
|
||
|
||
Comment 6•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
You need to log in
before you can comment on or make changes to this bug.
Description
•