Changeset 235582 in webkit
- Timestamp:
- Sep 1, 2018 1:03:43 AM (6 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/function-body-to-string-before-parameter-syntax-check.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/FunctionConstructor.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r235558 r235582 1 2018-08-24 Yusuke Suzuki <yusukesuzuki@slowstart.org> 2 3 Function object should convert params to string before throw a parsing error 4 https://bugs.webkit.org/show_bug.cgi?id=188874 5 6 Reviewed by Darin Adler. 7 8 * stress/function-body-to-string-before-parameter-syntax-check.js: Added. 9 (shouldThrow): 10 1 11 2018-08-31 Mark Lam <mark.lam@apple.com> 2 12 -
trunk/Source/JavaScriptCore/ChangeLog
r235558 r235582 1 2018-08-24 Yusuke Suzuki <yusukesuzuki@slowstart.org> 2 3 Function object should convert params to string before throw a parsing error 4 https://bugs.webkit.org/show_bug.cgi?id=188874 5 6 Reviewed by Darin Adler. 7 8 ToString operation onto the `body` of the Function constructor should be performed 9 before checking syntax correctness of the parameters. 10 11 * runtime/FunctionConstructor.cpp: 12 (JSC::constructFunctionSkippingEvalEnabledCheck): 13 1 14 2018-08-31 Mark Lam <mark.lam@apple.com> 2 15 -
trunk/Source/JavaScriptCore/runtime/FunctionConstructor.cpp
r232337 r235582 140 140 parameterBuilder.append(viewWithString.view); 141 141 } 142 auto body = args.at(args.size() - 1).toWTFString(exec); 143 RETURN_IF_EXCEPTION(scope, nullptr); 142 144 143 145 { … … 156 158 builder.append(parameterBuilder); 157 159 builder.appendLiteral(") {\n"); 158 auto body = args.at(args.size() - 1).toWTFString(exec);159 RETURN_IF_EXCEPTION(scope, nullptr);160 160 checkBody(body); 161 161 RETURN_IF_EXCEPTION(scope, nullptr);
Note: See TracChangeset
for help on using the changeset viewer.
