Changeset 53239 in webkit


Ignore:
Timestamp:
Jan 13, 2010 10:37:13 PM (14 years ago)
Author:
eric@webkit.org
Message:

2010-01-13 Kent Hansen <kent.hansen@nokia.com>

Reviewed by Oliver Hunt.

JSON.stringify and JSON.parse needlessly process properties in the prototype chain
https://bugs.webkit.org/show_bug.cgi?id=33053

  • runtime/JSONObject.cpp: (JSC::Stringifier::Holder::appendNextProperty): (JSC::Walker::walk):

2010-01-13 Kent Hansen <kent.hansen@nokia.com>

Reviewed by Oliver Hunt.

JSON.stringify and JSON.parse needlessly process properties in the prototype chain
https://bugs.webkit.org/show_bug.cgi?id=33053

Add tests that verify that properties in the prototype chain are ignored.

  • fast/js/JSON-parse-expected.txt:
  • fast/js/JSON-stringify-expected.txt:
  • fast/js/resources/JSON-parse.js:
  • fast/js/resources/JSON-stringify.js:
Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/JavaScriptCore/ChangeLog

    r53225 r53239  
     12010-01-13  Kent Hansen  <kent.hansen@nokia.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        JSON.stringify and JSON.parse needlessly process properties in the prototype chain
     6        https://bugs.webkit.org/show_bug.cgi?id=33053
     7
     8        * runtime/JSONObject.cpp:
     9        (JSC::Stringifier::Holder::appendNextProperty):
     10        (JSC::Walker::walk):
     11
    1122010-01-13  Gavin Barraclough  <barraclough@apple.com>
    213
  • trunk/JavaScriptCore/runtime/JSONObject.cpp

    r52075 r53239  
    502502            else {
    503503                PropertyNameArray objectPropertyNames(exec);
    504                 m_object->getPropertyNames(exec, objectPropertyNames);
     504                m_object->getOwnPropertyNames(exec, objectPropertyNames);
    505505                m_propertyNames = objectPropertyNames.releaseData();
    506506            }
     
    747747                indexStack.append(0);
    748748                propertyStack.append(PropertyNameArray(m_exec));
    749                 object->getPropertyNames(m_exec, propertyStack.last());
     749                object->getOwnPropertyNames(m_exec, propertyStack.last());
    750750                // fallthrough
    751751            }
  • trunk/LayoutTests/ChangeLog

    r53238 r53239  
     12010-01-13  Kent Hansen  <kent.hansen@nokia.com>
     2
     3        Reviewed by Oliver Hunt.
     4
     5        JSON.stringify and JSON.parse needlessly process properties in the prototype chain
     6        https://bugs.webkit.org/show_bug.cgi?id=33053
     7
     8        Add tests that verify that properties in the prototype chain are ignored.
     9
     10        * fast/js/JSON-parse-expected.txt:
     11        * fast/js/JSON-stringify-expected.txt:
     12        * fast/js/resources/JSON-parse.js:
     13        * fast/js/resources/JSON-stringify.js:
     14
    1152010-01-13  Kenneth Russell  <kbr@google.com>
    216
  • trunk/LayoutTests/fast/js/JSON-parse-expected.txt

    r47828 r53239  
    6868PASS JSON.stringify(tests[i](nativeJSON)) is JSON.stringify(tests[i](JSON))
    6969function (jsonObject) {
     70        return jsonObject.parse('{"__proto__":5}');
     71    }
     72PASS JSON.stringify(tests[i](nativeJSON)) is JSON.stringify(tests[i](JSON))
     73function (jsonObject) {
    7074        return jsonObject.parse('{"a":5,}');
    7175    }
     
    434438function (jsonObject) {
    435439        return jsonObject.parse(JSON.stringify(complexObject), log);
     440    }
     441PASS JSON.stringify(tests[i](nativeJSON)) is JSON.stringify(tests[i](JSON))
     442function (jsonObject) {
     443        return jsonObject.parse('{"__proto__":{"a":5}}', log);
    436444    }
    437445PASS JSON.stringify(tests[i](nativeJSON)) is JSON.stringify(tests[i](JSON))
  • trunk/LayoutTests/fast/js/JSON-stringify-expected.txt

    r48093 r53239  
    165165function (jsonObject) {
    166166        var allString = true;
     167        var array = [{toString:function(){array[0]='a'; array[1]='c'; array[2]='b'; return 'a'}}];
     168        return jsonObject.stringify(simpleObjectWithProto, array);
     169    }
     170PASS tests[i](nativeJSON) is tests[i](JSON)
     171function (jsonObject) {
     172        var allString = true;
    167173        var array = [1, new Number(2), NaN, Infinity, -Infinity, new String("str")];
    168174        return jsonObject.stringify({"1":"1","2":"2","NaN":"NaN","Infinity":"Infinity","-Infinity":"-Infinity","str":"str"}, array);
     
    259265function (jsonObject) {
    260266        return jsonObject.stringify(complexObject, null, 4);
     267    }
     268PASS tests[i](nativeJSON) is tests[i](JSON)
     269function (jsonObject) {
     270        var allString = true;
     271        var array = ["1","2","3"];
     272        return jsonObject.stringify(simpleArrayWithProto, array);
     273    }
     274PASS tests[i](nativeJSON) is tests[i](JSON)
     275function (jsonObject) {
     276        return jsonObject.stringify(simpleArrayWithProto, null, "  ");
     277    }
     278PASS tests[i](nativeJSON) is tests[i](JSON)
     279function (jsonObject) {
     280        return jsonObject.stringify(simpleArrayWithProto, null, 4);
     281    }
     282PASS tests[i](nativeJSON) is tests[i](JSON)
     283function (jsonObject) {
     284        return jsonObject.stringify(simpleArrayWithProto, null, "ab");
     285    }
     286PASS tests[i](nativeJSON) is tests[i](JSON)
     287function (jsonObject) {
     288        return jsonObject.stringify(simpleArrayWithProto, null, 4);
     289    }
     290PASS tests[i](nativeJSON) is tests[i](JSON)
     291function (jsonObject) {
     292        return jsonObject.stringify(simpleObjectWithProto, null, "  ");
     293    }
     294PASS tests[i](nativeJSON) is tests[i](JSON)
     295function (jsonObject) {
     296        return jsonObject.stringify(simpleObjectWithProto, null, 4);
     297    }
     298PASS tests[i](nativeJSON) is tests[i](JSON)
     299function (jsonObject) {
     300        return jsonObject.stringify(simpleObjectWithProto, null, "ab");
     301    }
     302PASS tests[i](nativeJSON) is tests[i](JSON)
     303function (jsonObject) {
     304        return jsonObject.stringify(simpleObjectWithProto, null, 4);
     305    }
     306PASS tests[i](nativeJSON) is tests[i](JSON)
     307function (jsonObject) {
     308        return jsonObject.stringify(simpleObjectWithProto, null, 10);
     309    }
     310PASS tests[i](nativeJSON) is tests[i](JSON)
     311function (jsonObject) {
     312        return jsonObject.stringify(simpleObjectWithProto, null, 11);
     313    }
     314PASS tests[i](nativeJSON) is tests[i].expected
     315function (jsonObject) {
     316        return jsonObject.stringify(simpleObjectWithProto, null, "          ");
     317    }
     318PASS tests[i](nativeJSON) is tests[i].expected
     319function (jsonObject) {
     320        return jsonObject.stringify(simpleObjectWithProto, null, "           ");
     321    }
     322PASS tests[i](nativeJSON) is tests[i].expected
     323function (jsonObject) {
     324        return jsonObject.stringify(complexArrayWithProto, null, "  ");
     325    }
     326PASS tests[i](nativeJSON) is tests[i](JSON)
     327function (jsonObject) {
     328        return jsonObject.stringify(complexArrayWithProto, null, 4);
     329    }
     330PASS tests[i](nativeJSON) is tests[i](JSON)
     331function (jsonObject) {
     332        return jsonObject.stringify(complexArrayWithProto, null, "ab");
     333    }
     334PASS tests[i](nativeJSON) is tests[i](JSON)
     335function (jsonObject) {
     336        return jsonObject.stringify(complexArrayWithProto, null, 4);
     337    }
     338PASS tests[i](nativeJSON) is tests[i](JSON)
     339function (jsonObject) {
     340        return jsonObject.stringify(complexObjectWithProto, null, "  ");
     341    }
     342PASS tests[i](nativeJSON) is tests[i](JSON)
     343function (jsonObject) {
     344        return jsonObject.stringify(complexObjectWithProto, null, 4);
     345    }
     346PASS tests[i](nativeJSON) is tests[i](JSON)
     347function (jsonObject) {
     348        return jsonObject.stringify(complexObjectWithProto, null, "ab");
     349    }
     350PASS tests[i](nativeJSON) is tests[i](JSON)
     351function (jsonObject) {
     352        return jsonObject.stringify(complexObjectWithProto, null, 4);
     353    }
     354PASS tests[i](nativeJSON) is tests[i](JSON)
     355function (jsonObject) {
     356        return jsonObject.stringify(objectWithSideEffectGetter);
     357    }
     358FAIL tests[i](nativeJSON) should be {"foo":1}. Was {}.
     359function (jsonObject) {
     360        return jsonObject.stringify(objectWithSideEffectGetterAndProto);
     361    }
     362FAIL tests[i](nativeJSON) should be {"foo":1}. Was {}.
     363function (jsonObject) {
     364        return jsonObject.stringify(arrayWithSideEffectGetter);
     365    }
     366PASS tests[i](nativeJSON) is tests[i](JSON)
     367function (jsonObject) {
     368        return jsonObject.stringify(arrayWithSideEffectGetterAndProto);
    261369    }
    262370PASS tests[i](nativeJSON) is tests[i](JSON)
  • trunk/LayoutTests/fast/js/resources/JSON-parse.js

    r47828 r53239  
    6464    result.push(function(jsonObject){
    6565        return jsonObject.parse('{"a":5}');
     66    });
     67    result.push(function(jsonObject){
     68        return jsonObject.parse('{"__proto__":5}');
    6669    });
    6770    result.push(function(jsonObject){
     
    396399    result.push(function(jsonObject){
    397400        return jsonObject.parse(JSON.stringify(complexObject), log);
     401    });
     402    result.push(function(jsonObject){
     403        return jsonObject.parse('{"__proto__":{"a":5}}', log);
    398404    });
    399405    var logOrderString;
  • trunk/LayoutTests/fast/js/resources/JSON-stringify.js

    r48083 r53239  
    55    var complexArray = ['a', 'b', 'c',,,simpleObject, simpleArray, [simpleObject,simpleArray]];
    66    var complexObject = {a:"1", b:"2", c:"3", d:undefined, e:null, "":12, get f(){ return simpleArray; }, array: complexArray};
     7    var simpleArrayWithProto = ['d', 'e', 'f'];
     8    simpleArrayWithProto.__proto__ = simpleObject;
     9    var simpleObjectWithProto = {d:"4", e:"5", f:"6", __proto__:simpleObject};
     10    var complexArrayWithProto = ['d', 'e', 'f',,,simpleObjectWithProto, simpleArrayWithProto, [simpleObjectWithProto,simpleArrayWithProto]];
     11    complexArrayWithProto.__proto__ = simpleObjectWithProto;
     12    var complexObjectWithProto = {d:"4", e:"5", f:"6", g:undefined, h:null, "":12, get i(){ return simpleArrayWithProto; }, array2: complexArrayWithProto, __proto__:complexObject};
     13    var objectWithSideEffectGetter = {get b() {this.foo=1;}};
     14    var objectWithSideEffectGetterAndProto = {__proto__:{foo:"bar"}, get b() {this.foo=1;}};
     15    var arrayWithSideEffectGetter = [];
     16    arrayWithSideEffectGetter.__defineGetter__("b", function(){this.foo=1;});
     17    var arrayWithSideEffectGetterAndProto = [];
     18    arrayWithSideEffectGetterAndProto.__defineGetter__("b", function(){this.foo=1;});
     19    arrayWithSideEffectGetterAndProto.__proto__ = {foo:"bar"};
    720    var result = [];
    821    result.push(function(jsonObject){
     
    144157    result.push(function(jsonObject){
    145158        var allString = true;
     159        var array = [{toString:function(){array[0]='a'; array[1]='c'; array[2]='b'; return 'a'}}];
     160        return jsonObject.stringify(simpleObjectWithProto, array);
     161    });
     162    result.push(function(jsonObject){
     163        var allString = true;
    146164        var array = [1, new Number(2), NaN, Infinity, -Infinity, new String("str")];
    147165        return jsonObject.stringify({"1":"1","2":"2","NaN":"NaN","Infinity":"Infinity","-Infinity":"-Infinity","str":"str"}, array);
     
    220238    result.push(function(jsonObject){
    221239        return jsonObject.stringify(complexObject, null, 4);
     240    });
     241    result.push(function(jsonObject){
     242        var allString = true;
     243        var array = ["1","2","3"];
     244        return jsonObject.stringify(simpleArrayWithProto, array);
     245    });
     246    result.push(function(jsonObject){
     247        return jsonObject.stringify(simpleArrayWithProto, null, "  ");
     248    });
     249    result.push(function(jsonObject){
     250        return jsonObject.stringify(simpleArrayWithProto, null, 4);
     251    });
     252    result.push(function(jsonObject){
     253        return jsonObject.stringify(simpleArrayWithProto, null, "ab");
     254    });
     255    result.push(function(jsonObject){
     256        return jsonObject.stringify(simpleArrayWithProto, null, 4);
     257    });
     258    result.push(function(jsonObject){
     259        return jsonObject.stringify(simpleObjectWithProto, null, "  ");
     260    });
     261    result.push(function(jsonObject){
     262        return jsonObject.stringify(simpleObjectWithProto, null, 4);
     263    });
     264    result.push(function(jsonObject){
     265        return jsonObject.stringify(simpleObjectWithProto, null, "ab");
     266    });
     267    result.push(function(jsonObject){
     268        return jsonObject.stringify(simpleObjectWithProto, null, 4);
     269    });
     270    result.push(function(jsonObject){
     271        return jsonObject.stringify(simpleObjectWithProto, null, 10);
     272    });
     273    result.push(function(jsonObject){
     274        return jsonObject.stringify(simpleObjectWithProto, null, 11);
     275    });
     276    result[result.length - 1].expected = JSON.stringify(simpleObjectWithProto, null, 10);
     277    result.push(function(jsonObject){
     278        return jsonObject.stringify(simpleObjectWithProto, null, "          ");
     279    });
     280    result[result.length - 1].expected = JSON.stringify(simpleObjectWithProto, null, 10);
     281    result.push(function(jsonObject){
     282        return jsonObject.stringify(simpleObjectWithProto, null, "           ");
     283    });
     284    result[result.length - 1].expected = JSON.stringify(simpleObjectWithProto, null, 10);
     285    result.push(function(jsonObject){
     286        return jsonObject.stringify(complexArrayWithProto, null, "  ");
     287    });
     288    result.push(function(jsonObject){
     289        return jsonObject.stringify(complexArrayWithProto, null, 4);
     290    });
     291    result.push(function(jsonObject){
     292        return jsonObject.stringify(complexArrayWithProto, null, "ab");
     293    });
     294    result.push(function(jsonObject){
     295        return jsonObject.stringify(complexArrayWithProto, null, 4);
     296    });
     297    result.push(function(jsonObject){
     298        return jsonObject.stringify(complexObjectWithProto, null, "  ");
     299    });
     300    result.push(function(jsonObject){
     301        return jsonObject.stringify(complexObjectWithProto, null, 4);
     302    });
     303    result.push(function(jsonObject){
     304        return jsonObject.stringify(complexObjectWithProto, null, "ab");
     305    });
     306    result.push(function(jsonObject){
     307        return jsonObject.stringify(complexObjectWithProto, null, 4);
     308    });
     309    result.push(function(jsonObject){
     310        return jsonObject.stringify(objectWithSideEffectGetter);
     311    });
     312    result.push(function(jsonObject){
     313        return jsonObject.stringify(objectWithSideEffectGetterAndProto);
     314    });
     315    result.push(function(jsonObject){
     316        return jsonObject.stringify(arrayWithSideEffectGetter);
     317    });
     318    result.push(function(jsonObject){
     319        return jsonObject.stringify(arrayWithSideEffectGetterAndProto);
    222320    });
    223321    var replaceTracker;
Note: See TracChangeset for help on using the changeset viewer.