392949 - new XMLHttpRequest().open.toString() shows the actual code of the function

Status: VERIFIED INVALID

(Firefox :: General, defect)

Description

[Manix Rock]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6

Displays the source of the function, which should be protected.

Reproducible: Always

Steps to Reproduce:
1. Create a new html file.
2. write the following code:
<SCRIPT>
document.write("XMLHttpRequest.open: "+new XMLHttpRequest().open);
</SCRIPT>
3. Run the script.
Actual Results:  
function (method, url, async, username, password) { if (typeof async == "undefined") { async = false; } httpOpenWrapper(this, context, win, method, url, async, username, password); }

Expected Results:  
function open() { [native code] }

Comment 1

[Nickolay_Ponomarev]

I get: "XMLHttpRequest.open: function open() { [native code] }"

Sounds like you have an extension installed, which overrides XMLHttpRequest unsafely. Can you try reproducing with a new profile in a trunk ("Minefield") build? http://www.mozilla.org/support/firefox/profile

Comment 2

[Manix Rock]

thanks for pointing that out, Nickolay_Ponomarev. I've checked all my add-ons (I've got quite a few) and found the guilty one to be Firebug. They seem to replace the function so that they can display the connections in the firebug panel. They should have set "XMLHttpRequest.open.toString=function(){return 'function open {\n [native code]\n}'};" for better integration (for example someone might check to see if a function is a native function).

So this "bug" is has been "squashed".

Comment 3

[Nickolay_Ponomarev]

Thanks for confirming my thoughts and closing the bug! Much appreciated.