mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1369680 - Use HasOwnProperty when resolving lazy properties to avoid triggering proxy traps in the proto-chain. r=jandem

This commit is contained in:
André Bargull 2017-06-02 16:11:42 +02:00
Родитель 9d623a021a
Коммит 6663e29a55
3 изменённых файлов: 74 добавлений и 11 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
js/src/jsfun.cpp
Просмотреть файл

@ -77,16 +77,16 @@ fun_enumerate(JSContext* cx, HandleObject obj)
if (!obj->isBoundFunction() && !obj->as<JSFunction>().isArrow()) {
id = NameToId(cx->names().prototype);
if (!HasProperty(cx, obj, id, &found))
if (!HasOwnProperty(cx, obj, id, &found))
return false;
}
id = NameToId(cx->names().length);
if (!HasProperty(cx, obj, id, &found))
if (!HasOwnProperty(cx, obj, id, &found))
return false;
id = NameToId(cx->names().name);
if (!HasProperty(cx, obj, id, &found))
if (!HasOwnProperty(cx, obj, id, &found))
return false;
return true;

63
js/src/tests/ecma_6/Proxy/proxy-proto-lazy-props.js Normal file
Просмотреть файл

@ -0,0 +1,63 @@
function makeProxyPrototype(target) {
return Object.setPrototypeOf(target, new Proxy({}, new Proxy({
getPrototypeOf() {
return null;
},
ownKeys() {
return [];
},
get(t, pk, r) {
// Handle the non-standard __iterator__ hook.
if (pk !== "__iterator__")
throw new Error("Unexpected [[Get]]: " + String(pk));
}
}, {
get(t, pk, r) {
if (pk in t)
return Reflect.get(t, pk, r);
throw new Error("Unexpected trap called: " + pk);
}
})));
}
function enumerateMappedArgs(x) {
var a = makeProxyPrototype(arguments);
// Delete all lazy properties and ensure no [[Has]] trap is called for them
// on the prototype chain.
delete a.length;
delete a.callee;
delete a[Symbol.iterator];
delete a[0];
for (var k in a);
}
enumerateMappedArgs(0);
function enumerateUnmappedArgs(x) {
"use strict";
var a = makeProxyPrototype(arguments);
delete a.length;
// delete a.callee; // .callee is non-configurable
delete a[Symbol.iterator];
delete a[0];
for (var k in a);
}
enumerateUnmappedArgs(0);
function enumerateFunction() {
var f = makeProxyPrototype(function named() {});
// delete f.prototype; // .prototype is non-configurable
delete f.length;
delete f.name;
for (var k in f);
}
enumerateFunction();
if (typeof reportCompare === "function")
reportCompare(0, 0);

16
js/src/vm/ArgumentsObject.cpp
Просмотреть файл

@ -613,20 +613,20 @@ MappedArgumentsObject::obj_enumerate(JSContext* cx, HandleObject obj)
// Trigger reflection.
id = NameToId(cx->names().length);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
id = NameToId(cx->names().callee);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
id = SYMBOL_TO_JSID(cx->wellKnownSymbols().iterator);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
for (unsigned i = 0; i < argsobj->initialLength(); i++) {
id = INT_TO_JSID(i);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
}
@ -803,20 +803,20 @@ UnmappedArgumentsObject::obj_enumerate(JSContext* cx, HandleObject obj)
// Trigger reflection.
id = NameToId(cx->names().length);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
id = NameToId(cx->names().callee);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
id = SYMBOL_TO_JSID(cx->wellKnownSymbols().iterator);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
for (unsigned i = 0; i < argsobj->initialLength(); i++) {
id = INT_TO_JSID(i);
if (!HasProperty(cx, argsobj, id, &found))
if (!HasOwnProperty(cx, argsobj, id, &found))
return false;
}