Closed Bug 698551 Opened 13 years ago Closed 13 years ago

Nodelist prototype property getters/setters are called with wrong |this|

Categories

(Core :: JavaScript Engine, defect, P1)

Product:
Core
Component:
JavaScript Engine
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10
Tracking Flags:
Tracking Status
firefox10 + fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

(Keywords: regression)

Attachments

(3 files, 1 obsolete file)

Testcase
301 bytes, text/html
Details
An even worse manifestation of this problem
403 bytes, text/html
Details
Including the test file too
7.11 KB, patch
Waldo
: review+
peterv
: review+
Details | Diff | Splinter Review 
See the attached testcase.  It should alert "[object HTMLBodyElement]", not undefined, and does in fx7.

This would be really easy to fix in the nodelist proxy code, except that the JS engined doesn't expose the APIs that do the right thing (that is, looking up the prop on the proto but using the proxy itself as |this|) to consumers.

I suspect we need to fix this for fx10....
Attached file Testcase 

    
    

    
  


  
We forward the fast paths to proto if it's been tampered with, so this testcase throws when it shouldn't.

    
    

    
  
I'm happy to take this given some indication of what public APIs would be acceptable here for jseng....

    
    

    
  
JSBool JS_ProxyGetPropertyTo(JSContext* cx, JSObject* obj, T propname, JSObject* onBehalfOf, jsval* vp);

perhaps, conditioned on a comment by it in jsapi.h explaining the exact meanings of obj and onBehalfOf, could do it.

    
    

    
  
Where T is a jsid for now?  Or would you prefer separate uint32 and property name variants?  If so, what should T be for the name variant?
Hardware: ARM → All
Version: 7 Branch → Trunk

    
    

    
  
T would be jsid and uint32 for now.  I need to add JSPropertyName to JSAPI so there could be a third variant for property names known not to be uint32 (and not special, but nothing anyone cares about is special) before you could add a JSPropertyName variant.

    
    

    
  


  
Now that I look at the code, maybe the api should use 'Forward' instead of 'Proxy'?

        Attachment #570841 -
        Flags: review?(peterv)

        Attachment #570841 -
        Flags: review?(jwalden+bmo)

    
    

    
  


  

        Attachment #570842 -
        Flags: review?(peterv)

        Attachment #570842 -
        Flags: review?(jwalden+bmo)

    
  

        Attachment #570841 -
        Attachment is obsolete: true

        Attachment #570841 -
        Flags: review?(peterv)

        Attachment #570841 -
        Flags: review?(jwalden+bmo)

    
  
Assignee: general → bzbarsky
Priority: -- → P1
Whiteboard: [need review]

    
  
Blocks: 698495

    
  

          tracking-firefox10:
          --- → ?
Keywords: regression

    
    

    
  
Comment on attachment 570842 [details] [diff] [review]
Including the test file too

Review of attachment 570842 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jsapi.h
@@ +3431,5 @@
>  extern JS_PUBLIC_API(JSBool)
>  JS_GetPropertyByIdDefault(JSContext *cx, JSObject *obj, jsid id, jsval def, jsval *vp);
>  
>  extern JS_PUBLIC_API(JSBool)
> +JS_ProxyGetPropertyTo(JSContext *cx, JSObject *obj, jsid id, JSObject *onBehalfOf, jsval *vp);

I suggested this name.  In isolation it's a reasonable name.  But now that I think about it, this kind of clashes a bit with Proxy objects and all that nonsense.  What do you think of JS_ForwardGetPropertyTo instead, mutatis mutandis for element?

        Attachment #570842 -
        Flags: review?(jwalden+bmo) → review+

    
    

    
  
Ahahaha, we had the same idea!  :-D  That's what I get for not reading bug commentas.

    
    

    
  
> Ahahaha, we had the same idea!

Yep.  I'll make that change.  ;)

        Attachment #570842 -
        Flags: review?(peterv) → review+

    
    

    
  
https://hg.mozilla.org/integration/mozilla-inbound/rev/73baf8c58b95
Flags: in-testsuite+
Whiteboard: [need review]
Target Milestone: --- → mozilla10

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/73baf8c58b95
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: