Diff
Modified: trunk/LayoutTests/ChangeLog (274560 => 274561)
--- trunk/LayoutTests/ChangeLog 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/LayoutTests/ChangeLog 2021-03-17 16:01:40 UTC (rev 274561)
@@ -1,3 +1,13 @@
+2021-03-17 Alexey Shvayka <[email protected]>
+
+ [WebIDL] Fix convertRecord() to throw on enumerable symbol |key|
+ https://bugs.webkit.org/show_bug.cgi?id=223231
+
+ Reviewed by Darin Adler.
+
+ * fast/dom/DOMURL/searchparams-expected.txt:
+ * fast/dom/DOMURL/searchparams.html:
+
2021-03-17 Youenn Fablet <[email protected]>
Align device orientation delegate to getUserMedia/geolocation delegates
Modified: trunk/LayoutTests/fast/dom/DOMURL/searchparams-expected.txt (274560 => 274561)
--- trunk/LayoutTests/fast/dom/DOMURL/searchparams-expected.txt 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/LayoutTests/fast/dom/DOMURL/searchparams-expected.txt 2021-03-17 16:01:40 UTC (rev 274561)
@@ -2,4 +2,5 @@
CONSOLE MESSAGE: PASS
CONSOLE MESSAGE: PASS
CONSOLE MESSAGE: PASS
+CONSOLE MESSAGE: PASS threw exception TypeError: Cannot convert a symbol to a string.
Modified: trunk/LayoutTests/fast/dom/DOMURL/searchparams.html (274560 => 274561)
--- trunk/LayoutTests/fast/dom/DOMURL/searchparams.html 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/LayoutTests/fast/dom/DOMURL/searchparams.html 2021-03-17 16:01:40 UTC (rev 274561)
@@ -18,4 +18,10 @@
b.delete("a");
console.log(b == "" ? "PASS" : "FAIL");
+try {
+ new URLSearchParams({ [Symbol()]: "a" });
+ console.log("FAIL");
+} catch (err) {
+ console.log(`PASS threw exception ${err}.`);
+}
</script>
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (274560 => 274561)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2021-03-17 16:01:40 UTC (rev 274561)
@@ -1,3 +1,12 @@
+2021-03-17 Alexey Shvayka <[email protected]>
+
+ [WebIDL] Fix convertRecord() to throw on enumerable symbol |key|
+ https://bugs.webkit.org/show_bug.cgi?id=223231
+
+ Reviewed by Darin Adler.
+
+ * web-platform-tests/fetch/api/headers/headers-record-expected.txt:
+
2021-03-16 Alexey Shvayka <[email protected]>
Cache cross-origin methods / accessors of Window and Location per lexical global object
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-record-expected.txt (274560 => 274561)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-record-expected.txt 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-record-expected.txt 2021-03-17 16:01:40 UTC (rev 274561)
@@ -10,6 +10,6 @@
PASS Correct operation ordering with non-enumerable properties
PASS Correct operation ordering with undefined descriptors
PASS Correct operation ordering with repeated keys
-FAIL Basic operation with Symbol keys assert_throws_js: function "function () { var h = new Headers(proxy); }" did not throw
-FAIL Operation with non-enumerable Symbol keys assert_equals: expected 9 but got 8
+PASS Basic operation with Symbol keys
+PASS Operation with non-enumerable Symbol keys
Modified: trunk/Source/_javascript_Core/ChangeLog (274560 => 274561)
--- trunk/Source/_javascript_Core/ChangeLog 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-03-17 16:01:40 UTC (rev 274561)
@@ -1,3 +1,16 @@
+2021-03-17 Alexey Shvayka <[email protected]>
+
+ [WebIDL] Fix convertRecord() to throw on enumerable symbol |key|
+ https://bugs.webkit.org/show_bug.cgi?id=223231
+
+ Reviewed by Darin Adler.
+
+ Export SymbolCoercionError.
+
+ * runtime/JSCJSValue.cpp:
+ (JSC::JSValue::toStringSlowCase const):
+ * runtime/JSCJSValue.h:
+
2021-03-16 Ross Kirsling <[email protected]>
[JSC] Implement Error#cause
Modified: trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp (274560 => 274561)
--- trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValue.cpp 2021-03-17 16:01:40 UTC (rev 274561)
@@ -35,6 +35,8 @@
namespace JSC {
+const ASCIILiteral SymbolCoercionError { "Cannot convert a symbol to a string"_s };
+
double JSValue::toIntegerPreserveNaN(JSGlobalObject* globalObject) const
{
if (isInt32())
@@ -488,7 +490,7 @@
return returnString;
}
if (isSymbol()) {
- throwTypeError(globalObject, scope, "Cannot convert a symbol to a string"_s);
+ throwTypeError(globalObject, scope, SymbolCoercionError);
return errorValue();
}
Modified: trunk/Source/_javascript_Core/runtime/JSCJSValue.h (274560 => 274561)
--- trunk/Source/_javascript_Core/runtime/JSCJSValue.h 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValue.h 2021-03-17 16:01:40 UTC (rev 274561)
@@ -133,6 +133,8 @@
LinkTimeConstant,
};
+extern JS_EXPORT_PRIVATE const ASCIILiteral SymbolCoercionError;
+
class JSValue {
friend struct EncodedJSValueHashTraits;
friend struct EncodedJSValueWithRepresentationHashTraits;
Modified: trunk/Source/WebCore/ChangeLog (274560 => 274561)
--- trunk/Source/WebCore/ChangeLog 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/WebCore/ChangeLog 2021-03-17 16:01:40 UTC (rev 274561)
@@ -1,3 +1,37 @@
+2021-03-17 Alexey Shvayka <[email protected]>
+
+ [WebIDL] Fix convertRecord() to throw on enumerable symbol |key|
+ https://bugs.webkit.org/show_bug.cgi?id=223231
+
+ Reviewed by Darin Adler.
+
+ This change removes String type filter from getOwnPropertyNames() call [1] so
+ [[GetOwnProperty]] is invoked for a symbol |key|, which is observable by Proxy,
+ and a TypeError is raised (with helpful error message) if it's enumerable.
+
+ Instead of throwing right in convertRecord(), identifierToString() is added,
+ making IdentifierConverter reusable and close to the spec [2], rather than
+ implicitly dependent on identifier being a string.
+
+ Identifier::string() called on a symbol returns it's [[Description]], which is
+ very undesirable.
+
+ Aligns WebKit with Blink and Gecko.
+
+ Tests: imported/w3c/web-platform-tests/fetch/api/headers/headers-record.html
+ fast/dom/DOMURL/searchparams.html
+
+ [1] https://heycam.github.io/webidl/#es-record (step 3)
+ [2] https://heycam.github.io/webidl/#es-DOMString (step 2)
+
+ * bindings/js/JSDOMConvertRecord.h:
+ (WebCore::Detail::IdentifierConverter<IDLDOMString>::convert):
+ * bindings/js/JSDOMConvertStrings.cpp:
+ (WebCore::identifierToString):
+ (WebCore::identifierToByteString):
+ (WebCore::identifierToUSVString):
+ * bindings/js/JSDOMConvertStrings.h:
+
2021-03-17 Simon Fraser <[email protected]>
Optimize FillLayer::imagesIdentical()
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertRecord.h (274560 => 274561)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertRecord.h 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertRecord.h 2021-03-17 16:01:40 UTC (rev 274561)
@@ -38,9 +38,9 @@
struct IdentifierConverter;
template<> struct IdentifierConverter<IDLDOMString> {
- static String convert(JSC::JSGlobalObject&, const JSC::Identifier& identifier)
+ static String convert(JSC::JSGlobalObject& lexicalGlobalObject, const JSC::Identifier& identifier)
{
- return identifier.string();
+ return identifierToString(lexicalGlobalObject, identifier);
}
};
@@ -99,9 +99,8 @@
HashMap<KeyType, size_t> resultMap;
// 4. Let keys be ? O.[[OwnPropertyKeys]]().
- JSC::PropertyNameArray keys(vm, JSC::PropertyNameMode::Strings, JSC::PrivateSymbolMode::Exclude);
+ JSC::PropertyNameArray keys(vm, JSC::PropertyNameMode::StringsAndSymbols, JSC::PrivateSymbolMode::Exclude);
object->methodTable(vm)->getOwnPropertyNames(object, &lexicalGlobalObject, keys, JSC::DontEnumPropertiesMode::Include);
-
RETURN_IF_EXCEPTION(scope, { });
// 5. Repeat, for each element key of keys in List order:
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.cpp (274560 => 274561)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.cpp 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.cpp 2021-03-17 16:01:40 UTC (rev 274561)
@@ -32,6 +32,17 @@
namespace WebCore {
using namespace JSC;
+String identifierToString(JSGlobalObject& lexicalGlobalObject, const Identifier& identifier)
+{
+ if (UNLIKELY(identifier.isSymbol())) {
+ auto scope = DECLARE_THROW_SCOPE(lexicalGlobalObject.vm());
+ throwTypeError(&lexicalGlobalObject, scope, SymbolCoercionError);
+ return { };
+ }
+
+ return identifier.string();
+}
+
static inline String stringToByteString(JSGlobalObject& lexicalGlobalObject, JSC::ThrowScope& scope, String&& string)
{
if (!string.isAllLatin1()) {
@@ -47,7 +58,8 @@
VM& vm = lexicalGlobalObject.vm();
auto scope = DECLARE_THROW_SCOPE(vm);
- auto string = identifier.string();
+ auto string = identifierToString(lexicalGlobalObject, identifier);
+ RETURN_IF_EXCEPTION(scope, { });
return stringToByteString(lexicalGlobalObject, scope, WTFMove(string));
}
@@ -82,10 +94,9 @@
return result.toString();
}
-String identifierToUSVString(JSGlobalObject&, const Identifier& identifier)
+String identifierToUSVString(JSGlobalObject& lexicalGlobalObject, const Identifier& identifier)
{
- auto string = identifier.string();
- return stringToUSVString(WTFMove(string));
+ return stringToUSVString(identifierToString(lexicalGlobalObject, identifier));
}
String valueToUSVString(JSGlobalObject& lexicalGlobalObject, JSValue value)
Modified: trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.h (274560 => 274561)
--- trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.h 2021-03-17 15:54:27 UTC (rev 274560)
+++ trunk/Source/WebCore/bindings/js/JSDOMConvertStrings.h 2021-03-17 16:01:40 UTC (rev 274561)
@@ -31,6 +31,7 @@
namespace WebCore {
+WEBCORE_EXPORT String identifierToString(JSC::JSGlobalObject&, const JSC::Identifier&);
WEBCORE_EXPORT String identifierToByteString(JSC::JSGlobalObject&, const JSC::Identifier&);
WEBCORE_EXPORT String valueToByteString(JSC::JSGlobalObject&, JSC::JSValue);
WEBCORE_EXPORT String identifierToUSVString(JSC::JSGlobalObject&, const JSC::Identifier&);
