Closed
Bug 699826
Opened 13 years ago
Closed 13 years ago
Nodelists should expose proto properties when indexing outside the list range
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla11
| Tracking | Status | |
|---|---|---|
| firefox10 | --- | fixed |
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
(Whiteboard: [qa-])
Attachments
(1 file, 1 obsolete file)
|
5.70 KB,
patch
|
peterv
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
At least if I read the spec right.
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → bzbarsky
Priority: -- → P1
Whiteboard: [need review]
Version: 9 Branch → Trunk
|
|
Assignee | |
Comment 1•13 years ago
|
||
Attachment #572034 -
Flags: review?(peterv)
|
||
Comment 2•13 years ago
|
||
(I believe the spec actually doesn't allow setting numeric expandos.)
|
|
Assignee | |
Comment 3•13 years ago
|
||
Hmm. Well, we allow setting them at the moment; we just didn't allow getting them after that. That's detectable from script, I believe (e.g. per spec if I read it right the expando set should throw in strict mode). I could change this patch to just forward to proto and file a separate bug on disallowing setting numeric expandos, I guess. Peter?
|
|
||
Comment 4•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #3) > Hmm. Well, we allow setting them at the moment; we just didn't allow > getting them after that. That's detectable from script, I believe (e.g. per > spec if I read it right the expando set should throw in strict mode). Yep. I hijacked bug 371711 for that.
|
||
Comment 5•13 years ago
|
||
Yeah, comment 2 is right; it's not possible to set numeric expandos, so it's just the prototype that you need to look up.
|
|
Assignee | |
Comment 6•13 years ago
|
||
Attachment #572579 -
Flags: review?(peterv)
|
|
Assignee | |
Updated•13 years ago
|
Attachment #572034 -
Attachment is obsolete: true
Attachment #572034 -
Flags: review?(peterv)
|
||
Comment 7•13 years ago
|
||
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. Review of attachment 572579 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/src/dombindings.cpp @@ +1030,4 @@ > } > } > > + if (getFromExpandoObject) { Could you add an assert here for !xpc::WrapperFactory::IsXrayWrapper(proxy)? We should really do that wherever we use the expando without checking because we rely on the way Xray wrappers implement their proxy handler. @@ +1079,5 @@ > if (!JS_IndexToId(cx, index, &id)) > return false; > > + // if hasIndexGetter, we skip the expando object > + if (hasIndexGetter) { I think this should be |if (!hasIndexGetter)|. Same thing about asserting !xpc::WrapperFactory::IsXrayWrapper(proxy).
Attachment #572579 -
Flags: review?(peterv) → review+
|
|
Assignee | |
Comment 8•13 years ago
|
||
> Could you add an assert here for !xpc::WrapperFactory::IsXrayWrapper(proxy)? I guess I should assert that at the top of both get() and getElementIfPresent(), right? Why is this OK to assert? > I think this should be |if (!hasIndexGetter)|. Yes, good catch!
|
|
Assignee | |
Comment 9•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/9543018be98c
Flags: in-testsuite+
Whiteboard: [need review]
|
|
||
Comment 10•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #8) > I guess I should assert that at the top of both get() and > getElementIfPresent(), right? Yes. > Why is this OK to assert? Because Xray wrappers call ProxyHandler::get which calls getPropertyDescriptor, and the DOM bindings getPropertyDescriptor checks for IsXrayWrapper before returning expandos.
|
||
Updated•13 years ago
|
Target Milestone: --- → mozilla11
|
|
Assignee | |
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 11•13 years ago
|
||
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. We should probably take this on aurora: this is fixing a potential web compat regression from the new nodelist bindings.
Attachment #572579 -
Flags: approval-mozilla-aurora?
|
||
Comment 12•13 years ago
|
||
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. [Triage Comment] Please re-request for aurora (or rather beta for FF9 if necessary) once this lands on m-c.
Attachment #572579 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora-
|
|
Assignee | |
Updated•13 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
||
Comment 13•13 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/9543018be98c
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 14•13 years ago
|
||
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. Per comment 12, requesting approval.
Attachment #572579 -
Flags: approval-mozilla-aurora- → approval-mozilla-aurora?
|
||
Comment 15•13 years ago
|
||
[triage comment] bz, does this also affect 9? 8? Is it new to 10 (on aurora)? How would the web compat hit show up?
Keywords: #relman/triage/needs-info
|
|
Assignee | |
Comment 16•13 years ago
|
||
This is new in 10, since it's a regression from bug 648801. The web compat hit would show up via web pages getting undefined when they expected to get some other value. I don't thnk it would be _common_ by any means, but it would be possible.
Blocks: 648801
|
|
||
Comment 17•13 years ago
|
||
Comment on attachment 572579 [details] [diff] [review] Fix nodelist access out of bounds to correctly forward to the proto. [Triage Comment] * Given that we're in our second week of the cycle, and this is a regression in 10, let's take this for aurora.
Attachment #572579 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Keywords: #relman/triage/needs-info
|
|
Assignee | |
Comment 18•13 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/6f4131d4bd72
status-firefox10:
--- → fixed
|
||
Comment 19•13 years ago
|
||
Is this something QA can verify?
|
|
Assignee | |
Comment 20•13 years ago
|
||
Yes. Just write a testcase that sets numeric properties on the prorotype and see whether they show up on the list.
Summary: Nodelists should expose expandos and proto properties when indexing outside the list range → Nodelists should expose proto properties when indexing outside the list range
|
|
||
Comment 21•13 years ago
|
||
I don't know how to write said testcase. I'll leave this as [qa?] to see if someone else can come up with a testcase or at least help me to write one.
Keywords: testcase-wanted
|
|
Assignee | |
Comment 22•13 years ago
|
||
There's a testcase in the patch, but that passes, of course, since it runs as part of our automated tests...
|
|
||
Comment 23•13 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #22) > There's a testcase in the patch, but that passes, of course, since it runs > as part of our automated tests... It sounds like this is covered "enough" then and can be safe marked VERIFIED...no?
|
|
Assignee | |
Comment 24•13 years ago
|
||
I won't claim that I understand our bug verification criteria or motivations, so I have no idea...
|
|
||
Comment 25•13 years ago
|
||
I'm going to mark this as [qa-] for now as the fix is "verified" by automated tests and QA has not done anything to verify the fix directly (nor will we in the near term). Should anyone decide that this needs verification by QA in the future, please set the whiteboard tag to [qa+]. Thanks
Whiteboard: [qa?] → [qa-]
|
||
Updated•9 years ago
|
Keywords: testcase-wanted
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•