js_watch_set doesn't need that crazy dummy frame

RESOLVED FIXED

Status

Core
JavaScript Engine
7 years ago

People

(Reporter: luke, Assigned: luke)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 attachment)

(Assignee)

Description

7 years ago
Created attachment 467615 [details] [diff] [review]
rm

When there is both a watchpoint and setter on the same property, the result of the watchpoint is passed to the setter.  As Blake explained: back in the day, before the age of wrapperization, there was a potential security hole whereby, e.g., content watchpoints could inject content values into chrome setters.  That was the problem fixed by the dummy frame.  With wrappers, though, there should be no such mingling and thus this dummy frame is no longer necessary.  It's also a massive breaker of invariants I'd like to have for bug 539144.
Attachment #467615 - Flags: review?(mrbkap)
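
The watchpoint-then-setter ordering described in the report, as an added example that is not part of the original bug or of SpiderMonkey. `legacyWatch` is a hypothetical helper that emulates the non-standard `watch()` handler contract (`handler(prop, oldVal, newVal)`, whose return value becomes the assigned value); the object and property names are constructed for illustration. It shows that the setter never sees the value the assigning code wrote, only what the watchpoint's owner returned, which is why the two needed to be kept from mingling across a trust boundary.

```javascript
// Hypothetical emulation of legacy watch() semantics; not engine code.
function legacyWatch(obj, prop, handler) {
  const desc = Object.getOwnPropertyDescriptor(obj, prop) ||
               { value: undefined, enumerable: true };
  const origGetter = desc.get;
  const origSetter = desc.set;
  let slot = desc.value; // backing store, used only for plain data properties

  Object.defineProperty(obj, prop, {
    configurable: true,
    enumerable: desc.enumerable !== false,
    get() { return origGetter ? origGetter.call(this) : slot; },
    set(newVal) {
      const oldVal = origGetter ? origGetter.call(this) : slot;
      // 1. The watchpoint runs first and may substitute any value it likes.
      const result = handler.call(this, prop, oldVal, newVal);
      // 2. The pre-existing setter is then invoked with the watchpoint's
      //    result, not with the value the assigning code supplied.
      if (origSetter) origSetter.call(this, result);
      else if (!origGetter) slot = result;
    },
  });
}

// Constructed scenario: an object with its own setter, plus a watchpoint
// installed by a different party on the same property.
function demo() {
  const seenBySetter = [];
  const seenByWatcher = [];
  let backing = 0;
  const target = {
    get level() { return backing; },
    set level(v) { seenBySetter.push(v); backing = v; },
  };
  legacyWatch(target, "level", (prop, oldVal, newVal) => {
    seenByWatcher.push([prop, oldVal, newVal]);
    return newVal * 10; // value chosen by the watchpoint's owner
  });
  target.level = 1;
  target.level = 2;
  return { seenBySetter, seenByWatcher, final: target.level };
}
```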
Comment on attachment 467615 [details] [diff] [review]
rm

Woo-hoo!
Attachment #467615 - Flags: review?(mrbkap) → review+
I managed to dis-remember this dis-gusting history. Kill this code with fire, salt the earth, drive it before you and hear the lamentation da wimmin!

/be
(Assignee)

Comment 3

7 years ago
Indeed, that is best in life.

http://hg.mozilla.org/tracemonkey/rev/b22e82ce2364
Whiteboard: fixed-in-tracemonkey
http://www.youtube.com/watch?v=OBGOQ7SsJrw

/be

Comment 5

7 years ago
http://hg.mozilla.org/mozilla-central/rev/b22e82ce2364
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED