JavaScriptCore:
author ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 12 Jan 2008 07:19:27 +0000 (07:19 +0000)
committer ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 12 Jan 2008 07:19:27 +0000 (07:19 +0000)
commit aab95359c9b2fc046fdbd5da8aa63139c162a550
tree 9c2e5dda81d291e621a6cf722300154d6a22e529
parent b16ec5677aee295fc9f707f9152d873db8ecaf01
JavaScriptCore:

        Reviewed by Oliver Hunt.

        Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
        variable access (16644)

        This bug was caused by var declarations shadowing built-in properties of
        the global object.

        To match Firefox, we've decided that var declarations will never shadow
        built-in properties of the global object or its prototypes. We used to
        behave more like IE, which allows shadowing, but walking that line got
        us into trouble with websites that sent us down the Firefox codepath.

        * kjs/JSVariableObject.h:
        (KJS::JSVariableObject::symbolTableGet): New code to support calling
        hasProperty before the variable object is fully initialized (so you
        can call it during initialization).

        * kjs/nodes.cpp:
        (KJS::ProgramNode::initializeSymbolTable): Always do a full hasProperty
        check when looking for duplicates, not getDirect, since it only checks
        the property map, and not hasOwnProperty, since it doesn't check
        prototypes.
        (KJS::EvalNode::processDeclarations): ditto

        * kjs/property_slot.h:
        (KJS::PropertySlot::ungettableGetter): Best function name evar.

WebCore:

        Reviewed by Oliver Hunt.

        Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
        variable access (16644)

        Removed the ReadOnly bit from some properties, to match Firefox. Also
        removed status-related setters, to allow using their names as variable
        names.

        * bindings/scripts/CodeGeneratorJS.pm: Added support for properties that
        are one-way across domain boundaries, to match Firefox.

        * bindings/js/kjs_window.cpp: Changed ReadOnly declarations to match FF.

        * bindings/scripts/CodeGeneratorJS.pm: Don't use JSObject:: because
        we don't know that JSObject is our base class.

        * page/DOMWindow.idl: Replaced lots of readonly declarations with
        [Replaceable] declarations.

        * page/DOMWindow.h: Removed interfaces for setting status text via the
        DOM. (They were getting in the way of, e.g., "var status"
        declarations.) By default, IE 7 and FF disable these interfaces in order
        to defend against phishing attacks that try to spoof domain names in the
        statusbar.
        * page/DOMWindow.cpp:

LayoutTests:

        Reviewed by Oliver Hunt.

        Fixed <rdar://problem/5665251> REGRESSION (r28880-r28886): Global
        variable access (16644)

        Added a test. Updated other tests to match new behavior.

        * fast/js/var-declarations-shadowing-expected.txt: Added.
        * fast/js/var-declarations-shadowing.html: Added.

        * fast/dom/HTMLScriptElement/script-load-events.html: Changed this test
        a bit because the original design made it hard to understand why it was failing.
        * fast/dom/HTMLScriptElement/script-load-events-expected.txt:

        * fast/dom/Window/get-set-properties.html: Changed this test to expect
        our new behavior, which matches Firefox.
        * fast/dom/Window/get-set-properties-expected.txt:

        * fast/dom/Window/window-property-shadowing.html: Removed some cases
        that differed from Firefox.
        * fast/dom/Window/window-property-shadowing-expected.txt:

        * http/tests/security/cross-frame-access-put-expected.txt: This test emits
        more "Unsafe JavaScript attempt" messages now because property sets that
        used to be prohibited (somewhat accidentally) by the ReadOnly attribute
        are now prohibited by security checks.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@29428 268f45cc-cd09-0410-ab3c-d52691b4dbfc
21 files changed:
JavaScriptCore/ChangeLog
JavaScriptCore/kjs/JSVariableObject.h
JavaScriptCore/kjs/nodes.cpp
JavaScriptCore/kjs/property_slot.cpp
JavaScriptCore/kjs/property_slot.h
LayoutTests/ChangeLog
LayoutTests/fast/dom/HTMLScriptElement/script-load-events-expected.txt
LayoutTests/fast/dom/HTMLScriptElement/script-load-events.html
LayoutTests/fast/dom/Window/get-set-properties-expected.txt
LayoutTests/fast/dom/Window/get-set-properties.html
LayoutTests/fast/dom/Window/window-property-shadowing-expected.txt
LayoutTests/fast/dom/Window/window-property-shadowing.html
LayoutTests/fast/js/var-declarations-shadowing-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/var-declarations-shadowing.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-put-expected.txt
WebCore/ChangeLog
WebCore/bindings/js/kjs_window.cpp
WebCore/bindings/scripts/CodeGeneratorJS.pm
WebCore/page/DOMWindow.cpp
WebCore/page/DOMWindow.h
WebCore/page/DOMWindow.idl
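
The duplicate check described in the JavaScriptCore notes above, as an added illustration that is not code from this commit or from WebKit: a toy object model comparing which var declarations create new bindings when the check is getDirect, hasOwnProperty, or hasProperty. The class, the `builtins` set kept outside the property map, and all property names are assumptions made for the example.

```javascript
// Toy model constructed for illustration; not JavaScriptCore code.
class ToyObject {
  constructor(proto = null, builtins = []) {
    this.proto = proto;
    this.propertyMap = new Map();      // properties created by script
    this.builtins = new Set(builtins); // assumed: built-ins stored outside the property map
  }
  // Looks only at the property map.
  getDirect(name) { return this.propertyMap.has(name); }
  // Looks at every own property, but never at prototypes.
  hasOwnProperty(name) { return this.getDirect(name) || this.builtins.has(name); }
  // Walks the whole prototype chain.
  hasProperty(name) {
    for (let o = this; o !== null; o = o.proto) {
      if (o.hasOwnProperty(name)) return true;
    }
    return false;
  }
}

// Returns the names for which a var declaration would create a new binding.
// A name the chosen check does not see gets a fresh binding, which shadows
// whatever built-in already answers to that name.
function declareVars(globalObject, names, check) {
  const symbolTable = [];
  for (const name of names) {
    if (globalObject[check](name)) continue; // already present: declaration is a no-op
    symbolTable.push(name);
  }
  return symbolTable;
}

function compareChecks() {
  // Constructed sample: one built-in on the prototype, one on the global itself,
  // and one script-created property in the property map.
  const proto = new ToyObject(null, ["protoBuiltin"]);
  const globalObject = new ToyObject(proto, ["ownBuiltin"]);
  globalObject.propertyMap.set("scriptVar", 1);
  const decls = ["ownBuiltin", "protoBuiltin", "scriptVar", "fresh"];
  return {
    getDirect: declareVars(globalObject, decls, "getDirect"),
    hasOwnProperty: declareVars(globalObject, decls, "hasOwnProperty"),
    hasProperty: declareVars(globalObject, decls, "hasProperty"),
  };
}
```

Only the hasProperty run leaves both built-ins unshadowed; the other two checks each let at least one declaration replace a built-in.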