- From: Boris Zbarsky <bzbarsky@mit.edu>
- Date: Tue, 27 Jan 2015 14:48:03 -0500
- To: "Mark S. Miller" <erights@google.com>
- CC: es-discuss <es-discuss@mozilla.org>, "public-script-coord@w3.org" <public-script-coord@w3.org>, Domenic Denicola <domenic@domenicdenicola.com>
On 12/4/14 11:49 AM, Mark S. Miller wrote: > On Thu, Dec 4, 2014 at 2:58 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote: >> OK. What do we do if we discover that throwing from the defineProperty call >> with a non-configurable property descriptor is not web-compatible? > > What we always do So just for the record, jQuery (at least all the 2.* versions I've looked at) contains that following bits: Data.prototype = { key: function( owner ) { ... var descriptor = {}, ... // Secure it in a non-enumerable, non-writable property try { descriptor[ this.expando ] = { value: unlock }; Object.defineProperties( owner, descriptor ); // Support: Android < 4 // Fallback to a less secure definition } catch ( e ) { descriptor[ this.expando ] = unlock; jQuery.extend( owner, descriptor ); } This function is called from Data.prototype.get, which is called from jQuery.event.add. So the upshot is that trying to add an event listener to the window via the jQuery API will hit this codepath. Now the good news is that the try/catch _is_ present there, so this doesn't immediately break sites. But it's something to watch out for, and we _will_ be changing the behavior of jQuery here in a way that the jQuery developers clearly think is undesirable. -Boris
Received on Tuesday, 27 January 2015 19:48:34 UTC