[WebIDL] Use of ECMAScript [[Put]] in WebIDL algorithms from Allen Wirfs-Brock on 2011-07-21 (public-script-coord@w3.org from July to September 2011)

From: Allen Wirfs-Brock <allen@wirfs-brock.com>
Date: Thu, 21 Jul 2011 14:12:35 -0700
To: public-script-coord@w3.org
Message-Id: <93450DCD-DFDF-4847-9CC1-5D00951EC1F0@wirfs-brock.com>

I spotted the following issue in 4.2.17 of WebIDL.  It may well occurs other places too.

Consider this algorithm:

	1 Let O be a new Object value created as if by the expression ({}).
	2  Let dictionaries be a list consisting of D and all of D’s inherited dictionaries, in order from least to most derived.
	3  For each dictionary dictionary in dictionaries, in order:
		1  For each dictionary member member declared on dictionary, in order:
			1  Let key be the identifier of member.
			2  If the dictionary member named key is present on V, then:
				1 Let idlValue be the value of member on V.
				2 Let value be the result of converting idlValue to an ECMAScript value.
				3  Call the [[Put]] internal method on O with arguments key, value and false.
	4 Return O.

The object created in line 1 has Object.prototype as its [[Prototype]].

Somebody could have previously executed:

Object.defineProperty(Object.prototype, "optionName", {put: function(v) {performArbitraryComputation()}});

If step 3.1.2.3 above is performed with "optionName" as the value of key, performArbitraryComputation will be called as a setter function by [[Put]].

It is for this reason that in the ECMAScript specification we avoid using [[Put]] when we specify object construction algorithms like this one.  Instead of [[Put]] we use [[DefineOwnProperty]] which will create a property without invoking inherited setters.

Allen

Received on Thursday, 21 July 2011 21:13:14 UTC