Bug 20777 - Getting a property from the global scope polluter ends up in an infinite loop
Status: RESOLVED FIXED
Product: WebAppsWG
Classification: Unclassified
Component: WebIDL
Version: unspecified
Hardware: All All
Importance: P2 normal
Assigned To: Cameron McCormack
QA Contact: public-webapps-bugzilla
Whiteboard: [v1]
Reported: 2013-01-25 17:00 UTC by Ms2ger
Modified: 2013-08-04 07:28 UTC

Description Ms2ger 2013-01-25 17:00:55 UTC
Calling [[GetOwnProperty]] on the GSP ends us in [1]. In step 3, we call the "named property visibility algorithm" [2] with object /object/ (==window). In step 7 there, we call [[HasProperty]] on window.__proto__ == Window.prototype. This walks the prototype chain [3] and ends up calling [[GetOwnProperty]] on the GSP again.

[1] http://dev.w3.org/2006/webapi/WebIDL/#named-properties-object-getownproperty
[2] http://dev.w3.org/2006/webapi/WebIDL/#dfn-named-property-visibility
[3] http://ecma-international.org/ecma-262/5.1/#sec-8.12.6
Comment 1 Boris Zbarsky 2013-01-25 17:05:44 UTC
Note that we only need to pass in the Window because we need to know stuff about its interface.  We could pass the interface to the named property visibility algorithm and then pass in the gsp or its proto...

That said, I'm also not sure what step 4 of this algorithm means.  Does it not involve calling [[GetOwnProperty]] on the object?  Should it talk about calling the default [[GetOwnProperty]] or something?
Comment 2 Ms2ger 2013-01-25 17:09:36 UTC
In fact, it looks like steps 4-8 are just "return !O.[[HasProperty]](P)".
Comment 3 Cameron McCormack 2013-08-04 07:28:57 UTC
I fixed it by manually traversing up the prototype chain and skipping the named properties object.

http://dev.w3.org/cvsweb/2006/webapi/WebIDL/Overview.xml.diff?r1=1.679;r2=1.680;f=h
http://dev.w3.org/cvsweb/2006/webapi/WebIDL/v1.xml.diff?r1=1.121;r2=1.122;f=h
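
The re-entry described in this bug and the fix from comment 3, as an added example that is not part of the original thread or of the WebIDL specification text. It models only the prototype-chain step of the visibility check; `makeObject`, `buildChain`, the supported names and the depth guard are assumptions made for the illustration.

```javascript
// Toy model of the ES5.1 internal methods. Object names, the supported names
// and the depth guard are constructed for this example.
const own = (o, p) => Object.prototype.hasOwnProperty.call(o, p);

function makeObject(name, proto, props = {}) {
  return { name, proto, props,
    getOwnProperty(p) { return own(this.props, p) ? this.props[p] : undefined; } };
}

// [[HasProperty]]: ask every object on the chain for an own property.
// `skip` is the fix from comment 3: walk the chain by hand and pass over
// the named properties object instead of calling back into it.
function hasProperty(obj, p, skip = null) {
  for (let o = obj; o !== null; o = o.proto) {
    if (o !== skip && o.getOwnProperty(p) !== undefined) return true;
  }
  return false;
}

// window -> Window.prototype -> named properties object -> Object.prototype
function buildChain(fixed) {
  const objectProto = makeObject("Object.prototype", null, { toString: "fn" });
  const gsp = makeObject("named properties object", objectProto);
  const windowProto = makeObject("Window.prototype", gsp, { alert: "fn" });
  const win = makeObject("window", windowProto, { location: "loc" });
  const supported = { frame1: "<iframe name=frame1>", toString: "<iframe name=toString>" };
  let depth = 0;
  gsp.getOwnProperty = function (p) {
    // Guard so the demo reports the re-entry instead of exhausting the stack.
    if (depth >= 16) throw new Error("re-entered [[GetOwnProperty]] on " + this.name);
    depth++;
    try {
      if (!own(supported, p)) return undefined;
      // Visibility check: a name found further along the chain is not exposed.
      const shadowed = fixed ? hasProperty(win.proto, p, gsp) : hasProperty(win.proto, p);
      return shadowed ? undefined : supported[p];
    } finally {
      depth--;
    }
  };
  return { win, gsp };
}
```

With `buildChain(false)` a lookup of a supported name re-enters the named properties object until the guard fires; with `buildChain(true)` the same lookup terminates and names shadowed further up the chain stay hidden.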