This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 20777 - Getting a property from the global scope polluter ends up in an infinite loop
Summary: Getting a property from the global scope polluter ends up in an infinite loop
Status: RESOLVED FIXED
Alias: None
Product: WebAppsWG
Classification: Unclassified
Component: WebIDL (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal
Target Milestone: ---
Assignee: Cameron McCormack
QA Contact: public-webapps-bugzilla
URL:
Whiteboard: [v1]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-01-25 17:00 UTC by Ms2ger
Modified: 2013-08-04 07:28 UTC (History)
3 users (show)

See Also:


Attachments

Description Ms2ger 2013-01-25 17:00:55 UTC
Calling [[GetOwnProperty]] on the GSP ends us in [1]. In step 3, we call the "named property visibility algorithm" [2] with object /object/ (==window). In step 7 there, we call [[HasProperty]] on window.__proto__ == Window.prototype. This walks the prototype chain [3] and ends up calling [[GetOwnProperty]] on the GSP again.

[1] http://dev.w3.org/2006/webapi/WebIDL/#named-properties-object-getownproperty
[2] http://dev.w3.org/2006/webapi/WebIDL/#dfn-named-property-visibility
[3] http://ecma-international.org/ecma-262/5.1/#sec-8.12.6
Comment 1 Boris Zbarsky 2013-01-25 17:05:44 UTC
Note that we only need to pass in the Window because we need to know stuff about its interface.  We could pass the interface to the named property visibility algorithm and then pass in the gsp or its proto...

That said, I'm also not sure what step 4 of this algorithm means.  Does it not involve calling [[GetOwnProperty]] on the object?  Should it talk about calling the default [[GetOwnProperty]] or something?
Comment 2 Ms2ger 2013-01-25 17:09:36 UTC
If fact, it looks like steps 4-8 are just "return !O.[[HasProperty]](P)".
Comment 3 Cameron McCormack 2013-08-04 07:28:57 UTC
I fixed it by manually traversing up the prototype chain and skipping the named properties object.

http://dev.w3.org/cvsweb/2006/webapi/WebIDL/Overview.xml.diff?r1=1.679;r2=1.680;f=h
http://dev.w3.org/cvsweb/2006/webapi/WebIDL/v1.xml.diff?r1=1.121;r2=1.122;f=h