Closed Bug 699826 Opened 13 years ago Closed 13 years ago

Nodelists should expose proto properties when indexing outside the list range

Categories

(Core :: DOM: Core & HTML, defect, P1)

x86
macOS
defect

Tracking

()

RESOLVED FIXED
mozilla11
Tracking Status
firefox10 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

(Whiteboard: [qa-])

Attachments

(1 file, 1 obsolete file)

At least if I read the spec right.
Assignee: nobody → bzbarsky
Priority: -- → P1
Whiteboard: [need review]
Version: 9 Branch → Trunk
(I believe the spec actually doesn't allow setting numeric expandos.)
Hmm. Well, we allow setting them at the moment; we just didn't allow getting them after that. That's detectable from script, I believe (e.g. per spec if I read it right the expando set should throw in strict mode). I could change this patch to just forward to proto and file a separate bug on disallowing setting numeric expandos, I guess. Peter?
(In reply to Boris Zbarsky (:bz) from comment #3) > Hmm. Well, we allow setting them at the moment; we just didn't allow > getting them after that. That's detectable from script, I believe (e.g. per > spec if I read it right the expando set should throw in strict mode). Yep. I hijacked bug 371711 for that.
Yeah, comment 2 is right; it's not possible to set numeric expandos, so it's just the prototype that you need to look up.
Attachment #572034 - Attachment is obsolete: true
Attachment #572034 - Flags: review?(peterv)
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. Review of attachment 572579 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/src/dombindings.cpp @@ +1030,4 @@ > } > } > > + if (getFromExpandoObject) { Could you add an assert here for !xpc::WrapperFactory::IsXrayWrapper(proxy)? We should really do that wherever we use the expando without checking because we rely on the way Xray wrappers implement their proxy handler. @@ +1079,5 @@ > if (!JS_IndexToId(cx, index, &id)) > return false; > > + // if hasIndexGetter, we skip the expando object > + if (hasIndexGetter) { I think this should be |if (!hasIndexGetter)|. Same thing about asserting !xpc::WrapperFactory::IsXrayWrapper(proxy).
Attachment #572579 - Flags: review?(peterv) → review+
> Could you add an assert here for !xpc::WrapperFactory::IsXrayWrapper(proxy)? I guess I should assert that at the top of both get() and getElementIfPresent(), right? Why is this OK to assert? > I think this should be |if (!hasIndexGetter)|. Yes, good catch!
Flags: in-testsuite+
Whiteboard: [need review]
(In reply to Boris Zbarsky (:bz) from comment #8) > I guess I should assert that at the top of both get() and > getElementIfPresent(), right? Yes. > Why is this OK to assert? Because Xray wrappers call ProxyHandler::get which calls getPropertyDescriptor, and the DOM bindings getPropertyDescriptor checks for IsXrayWrapper before returning expandos.
Target Milestone: --- → mozilla11
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. We should probably take this on aurora: this is fixing a potential web compat regression from the new nodelist bindings.
Attachment #572579 - Flags: approval-mozilla-aurora?
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. [Triage Comment] Please re-request for aurora (or rather beta for FF9 if necessary) once this lands on m-c.
Attachment #572579 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora-
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. Per comment 12, requesting approval.
Attachment #572579 - Flags: approval-mozilla-aurora- → approval-mozilla-aurora?
[triage comment] bz, does this also affect 9? 8? Is it new to 10 (on aurora)? How would the web compat hit show up?
This is new in 10, since it's a regression from bug 648801. The web compat hit would show up via web pages getting undefined when they expected to get some other value. I don't thnk it would be _common_ by any means, but it would be possible.
Blocks: 648801
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. [Triage Comment] * Given that we're in our second week of the cycle, and this is a regression in 10, let's take this for aurora.
Attachment #572579 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Whiteboard: [qa?]
Is this something QA can verify?
Yes. Just write a testcase that sets numeric properties on the prorotype and see whether they show up on the list.
Summary: Nodelists should expose expandos and proto properties when indexing outside the list range → Nodelists should expose proto properties when indexing outside the list range
I don't know how to write said testcase. I'll leave this as [qa?] to see if someone else can come up with a testcase or at least help me to write one.
Keywords: testcase-wanted
There's a testcase in the patch, but that passes, of course, since it runs as part of our automated tests...
(In reply to Boris Zbarsky (:bz) from comment #22) > There's a testcase in the patch, but that passes, of course, since it runs > as part of our automated tests... It sounds like this is covered "enough" then and can be safe marked VERIFIED...no?
I won't claim that I understand our bug verification criteria or motivations, so I have no idea...
I'm going to mark this as [qa-] for now as the fix is "verified" by automated tests and QA has not done anything to verify the fix directly (nor will we in the near term). Should anyone decide that this needs verification by QA in the future, please set the whiteboard tag to [qa+]. Thanks
Whiteboard: [qa?] → [qa-]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: