- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Tue, 29 Mar 2011 21:29:33 -0400
- To: Adam Barth <w3c@adambarth.com>
- CC: Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On 3/29/11 9:19 PM, Adam Barth wrote:
> WebKit seems to distinguish between callable and non-callable.
> Non-callables get coerced to strings, which then get compiled as
> script source code, which is what we'd like to avoid.
Indeed. Gecko, if I read the code right, basically does this:
if (typeof(arguments[0]) == "function") {
// Do the function thing
} else if (typeof(arguments[0]) == "string" ||
typeof(arguments[0]) == "object") {
// Do the string thing
} else {
// Throw an exception
}
From what I understand, the typeof check there is not quite equivalent
to checking for callability...
-Boris
Received on Wednesday, 30 March 2011 01:30:09 UTC