Closed
Bug 764307
Opened 13 years ago
Closed 8 years ago
cross-compartment wrappers don't reflect updates to wrapped __proto__
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: luke, Unassigned)
Details
(Whiteboard: [js:p2])
When an object is given a transparent wrapper, the prototype is wrapped and copied into the wrapper object. That means that if the prototype of the wrappee is updated, the update will not be reflected in the wrapper.
I don't yet know if this is a real problem and, since __proto__ is non-standard (esp. being able to mutate it), I'd be inclined to wait and see. (cpg of course makes this change visible to the web, so filing to give people a heads up.)
Should we need to fix this, there is a relatively straightforward solution of, when __proto__ is set, looking up the object in all cross-compartment wrapper maps and updating any wrappers found. This is gnarly and best avoided.
Reporter | ||
Comment 1•13 years ago
|
||
Shell example:
var g = newGlobal('new-compartment');
g.eval('var x = new Object()');
var x = g.x;
var xpro = Object.getPrototypeOf(x);
assertEq(xpro, g.Object.prototype);
g.eval('x.__proto__ = null');
assertEq(Object.getPrototypeOf(x) === null, true); // fails
assertEq(Object.getPrototypeOf(x) !== xpro, false); // fails
Reporter | ||
Comment 2•12 years ago
|
||
To wit: __proto__ works, thus, extending the test-case in comment, this assertion also fails:
assertEq(Object.getPrototypeOf(x) === x.__proto__, true); // fails
The reason is that __proto__ is just a property lookup which enters x's compartment which finds the live value of x.__proto__. On the bright side, if code is using non-standard __proto__ to set __proto__, they can just read __proto__ to get the correct value.
I think the real fix to this is to never read a wrapper's prototype field (make it null or something).
Updated•12 years ago
|
Whiteboard: [js:p2]
Assignee | ||
Updated•10 years ago
|
Assignee: general → nobody
Comment 3•8 years ago
|
||
This doesn't seem to be an issue anymore, resolving as WFM.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•