
Re: Interaction with Workers (was Re: setTimeout error handling)

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 29 Mar 2011 18:58:25 -0700
Message-ID: <AANLkTimsPObL6CyDerjNy-bwHSV0S5b2bGm1z7FEBM7S@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org

On Tue, Mar 29, 2011 at 6:29 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 3/29/11 9:19 PM, Adam Barth wrote:
>>
>> WebKit seems to distinguish between callable and non-callable.
>> Non-callables get coerced to strings, which then get compiled as
>> script source code, which is what we'd like to avoid.
>
> Indeed.  Gecko, if I read the code right, basically does this:
>
>  if (typeof(arguments[0]) == "function") {
>    // Do the function thing
>  } else if (typeof(arguments[0]) == "string" ||
>             typeof(arguments[0]) == "object") {
>    // Do the string thing
>  } else {
>    // Throw an exception
>  }
>
> From what I understand, the typeof check there is not quite equivalent to
> checking for callability...

WebKit literally checks for callable:

http://trac.webkit.org/browser/trunk/Source/WebCore/bindings/js/ScheduledAction.cpp#L53

Anyway, that's something for HTML5 or WebIDL to define.  What's
important for our purposes is that there's a branch there and we need
to block one side of the branch but not the other (as in
https://bugs.webkit.org/attachment.cgi?id=87220&action=prettypatch)

Adam
Received on Wednesday, 30 March 2011 01:59:29 GMT
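
The branch discussed in this message, modelled as an added example (not code from the message, Gecko or WebKit): it classifies a timer handler the two ways the thread describes and blocks only the string side when a policy forbids compiling strings as script. The names `classifyGecko`, `classifyWebKit`, `schedule` and the `allowStringEval` flag are hypothetical, and plain `typeof` stands in for WebKit's callable check.

```javascript
// Added illustration. classifyGecko, classifyWebKit, schedule and the
// allowStringEval flag are hypothetical names, not engine or CSP APIs.

// Branch as sketched for Gecko in the quoted message: typeof decides.
function classifyGecko(handler) {
  const t = typeof handler;
  if (t === 'function') return 'function';
  if (t === 'string' || t === 'object') return 'string';
  return 'throw';
}

// Branch as described for WebKit: callable, otherwise coerced to a string.
// Plain typeof stands in for the engine's callable check in this model.
function classifyWebKit(handler) {
  return typeof handler === 'function' ? 'function' : 'string';
}

// Report what a timer call would do when the policy forbids compiling
// strings as script. Nothing is evaluated here; the source is only returned.
function schedule(handler, engine, allowStringEval) {
  const branch = engine === 'gecko' ? classifyGecko(handler)
                                    : classifyWebKit(handler);
  if (branch === 'throw') return { action: 'exception' };
  if (branch === 'function') return { action: 'call' };
  const source = String(handler); // coercion happens on the string branch
  return { action: allowStringEval ? 'compile' : 'blocked', source };
}

// Constructed sample handlers.
const samples = [
  function tick() {},
  'tick()',
  { toString() { return 'tick()'; } }, // not a string, still becomes source
  42,
];

for (const engine of ['gecko', 'webkit']) {
  for (const h of samples) {
    console.log(engine, typeof h, JSON.stringify(schedule(h, engine, false)));
  }
}
```

A check written as `typeof handler === 'string'` would miss the object sample, which reaches the string branch in both models; placing the block on the branch itself covers it.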
