Bug 654370 - instanceof operators doesn't work in a sandbox
Product: Core
Classification: Components
Component: XPConnect
: Trunk
: All All
-- normal
: ---
Assigned To: Blake Kaplan (:mrbkap)
: Andrew Overholt [:overholt]
Reported: 2011-05-02 22:28 PDT by Jan Honza Odvarko [:Honza]
Modified: 2012-01-29 00:08 PST

Proposed fix (3.87 KB, patch)
2011-05-17 00:28 PDT, Blake Kaplan (:mrbkap)
gal: review+

Description Jan Honza Odvarko [:Honza] 2011-05-02 22:28:11 PDT
I am facing a problem when using the instanceof operator within a sandbox,
see the following example:

var Cu = Components.utils;
var sandbox = new Cu.Sandbox(window);
var script = "function (obj, type) { return obj instanceof type; }";
var instanceOf = Cu.evalInSandbox(script, sandbox, "1.8", "Test", 1);
instanceOf({}, Window);

I have evaluated this code in the Error Console (Tools -> Error Console)
command line.
(just to note that changing wantXrays doesn't make any difference)

Firefox 3.6 returns false
Firefox 4.0 returns true
Firefox 5.0 (Aurora) returns true

So, only Firefox 3.6 works as expected.

Related thread:

Comment 1 Boris Zbarsky [:bz] (still a bit busy) 2011-05-03 06:27:28 PDT
Blake, Andreas, this sounds like proxy fail of some sort...
Comment 2 Blake Kaplan (:mrbkap) 2011-05-17 00:28:06 PDT
Created attachment 532885 [details] [diff] [review]
Proposed fix

Everywhere except in jswrapper that we call into the JSClass's hasInstance hook, we initialize the out parameter to false. I don't know if that's an implicit part of the API, but it led to us reading an uninitialized boolean because nsDOMClassInfo depended on this behavior.

It's a little weird to have a guaranteed-initialized out parameter coming from the JS engine, so I fixed nsDOMClassInfo to not depend on it, but also initialized the out param in the proxy code to be on the safe side.
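
A minimal model of the failure described in comment 2, added here as an illustration; it is not code from the attachment or from the Mozilla tree. All type and function names are hypothetical, and the `stale` argument stands in for whatever an uninitialized stack slot would hold, so the demo stays well defined.

```cpp
#include <cstdio>
#include <cstring>

// Hypothetical stand-ins; these are not SpiderMonkey or XPConnect types.
struct Obj { const char* className; };

// Hook shape: return value reports success, *bp carries the instanceof answer.
typedef bool (*HasInstanceHook)(const Obj* type, const Obj* value, bool* bp);

// "Before" hook: writes *bp only on a match, so it silently relies on the
// caller having set *bp to false first.
static bool hookReliesOnCaller(const Obj* type, const Obj* value, bool* bp) {
    if (std::strcmp(type->className, value->className) == 0)
        *bp = true;
    return true;
}

// "After" hook: writes *bp on every successful path.
static bool hookAlwaysWrites(const Obj* type, const Obj* value, bool* bp) {
    *bp = std::strcmp(type->className, value->className) == 0;
    return true;
}

// Caller that never initializes the out parameter; `stale` models the
// leftover contents of the stack slot.
static bool callWithoutInit(HasInstanceHook hook, const Obj* type, const Obj* value, bool stale) {
    bool result = stale;
    return hook(type, value, &result) && result;
}

// Caller that defensively clears the out parameter before invoking the hook.
static bool callWithInit(HasInstanceHook hook, const Obj* type, const Obj* value, bool stale) {
    bool result = stale;
    result = false;
    return hook(type, value, &result) && result;
}

// Constructed sample objects.
static const Obj kWindowType = {"Window"};
static const Obj kPlainObject = {"Object"};
static const Obj kWindowObject = {"Window"};

int main() {
    std::printf("no init + old hook:   %d\n", callWithoutInit(hookReliesOnCaller, &kWindowType, &kPlainObject, true));
    std::printf("no init + fixed hook: %d\n", callWithoutInit(hookAlwaysWrites, &kWindowType, &kPlainObject, true));
    std::printf("init + old hook:      %d\n", callWithInit(hookReliesOnCaller, &kWindowType, &kPlainObject, true));
    return 0;
}
```

Either fix alone gives the right answer for a non-matching object; applying both removes the hidden dependency between caller and hook.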
Comment 3 Blake Kaplan (:mrbkap) 2011-05-17 06:56:36 PDT
(gal sent me an r=him over e-mail as he's without a net connection at the moment).
Comment 4 Rob Campbell [:rc] (:robcee) 2011-05-17 09:18:07 PDT
was he in an airplane at the time?
Comment 5 Chris Leary [:cdleary] (not checking bugmail) 2011-05-23 14:12:33 PDT
cdleary-bot mozilla-central merge info:
