Skip to content
  • barraclough@apple.com's avatar
    Poisoning of strict caller,arguments inappropriately poisoning "in" · 69e904a8
    barraclough@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=63398
    
    Reviewed by Oliver Hunt.
    
    Source/JavaScriptCore: 
    
    This fixes the problem by correctly implementing the spec -
    the error should actually be being thrown from a standard JS getter/setter.
    This implements spec correct behaviour for strict mode JS functions & bound
    functions, I'll follow up with a patch to do the same for arguments.
    
    * runtime/JSBoundFunction.cpp:
    (JSC::JSBoundFunction::finishCreation):
        - Add the poisoned caller/arguments properties.
    * runtime/JSBoundFunction.h:
    * runtime/JSFunction.cpp:
    (JSC::JSFunction::finishCreation):
    (JSC::JSFunction::getOwnPropertySlot):
    (JSC::JSFunction::getOwnPropertyDescriptor):
    (JSC::JSFunction::put):
        - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
    * runtime/JSFunction.h:
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::createThrowTypeError):
    (JSC::JSGlobalObject::visitChildren):
    * runtime/JSGlobalObject.h:
    (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
        - Add a ThrowTypeError type, per ES5 13.2.3.
    * runtime/JSGlobalObjectFunctions.cpp:
    (JSC::globalFuncThrowTypeError):
    * runtime/JSGlobalObjectFunctions.h:
        - Implementation of ThrowTypeError.
    * runtime/JSObject.cpp:
    (JSC::JSObject::initializeGetterSetterProperty):
    * runtime/JSObject.h:
        - This function adds a new property (must not exist already) that is an initialized getter/setter.
    
    LayoutTests: 
    
    * fast/js/basic-strict-mode-expected.txt:
    * fast/js/script-tests/basic-strict-mode.js:
        - Add tests.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@97905 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    69e904a8