diff options
| author | Andras Becsi <andras.becsi@digia.com> | 2013-12-11 21:33:03 +0100 |
|---|---|---|
| committer | Andras Becsi <andras.becsi@digia.com> | 2013-12-13 12:34:07 +0100 |
| commit | f2a33ff9cbc6d19943f1c7fbddd1f23d23975577 (patch) | |
| tree | 0586a32aa390ade8557dfd6b4897f43a07449578 /chromium/v8/src/messages.js | |
| parent | 5362912cdb5eea702b68ebe23702468d17c3017a (diff) | |
| download | qtwebengine-chromium-f2a33ff9cbc6d19943f1c7fbddd1f23d23975577.tar.gz | |
Update Chromium to branch 1650 (31.0.1650.63)
Change-Id: I57d8c832eaec1eb2364e0a8e7352a6dd354db99f
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
Diffstat (limited to 'chromium/v8/src/messages.js')
| -rw-r--r-- | chromium/v8/src/messages.js | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/chromium/v8/src/messages.js b/chromium/v8/src/messages.js index b586d24882b..2debbf86540 100644 --- a/chromium/v8/src/messages.js +++ b/chromium/v8/src/messages.js @@ -228,16 +228,18 @@ function NoSideEffectToString(obj) { } } } - if (IsNativeErrorObject(obj)) return %_CallFunction(obj, ErrorToString); + if (CanBeSafelyTreatedAsAnErrorObject(obj)) { + return %_CallFunction(obj, ErrorToString); + } return %_CallFunction(obj, ObjectToString); } - -// To check if something is a native error we need to check the -// concrete native error types. It is not sufficient to use instanceof -// since it possible to create an object that has Error.prototype on -// its prototype chain. This is the case for DOMException for example. -function IsNativeErrorObject(obj) { +// To determine whether we can safely stringify an object using ErrorToString +// without the risk of side-effects, we need to check whether the object is +// either an instance of a native error type (via '%_ClassOf'), or has $Error +// in its prototype chain and hasn't overwritten 'toString' with something +// strange and unusual. +function CanBeSafelyTreatedAsAnErrorObject(obj) { switch (%_ClassOf(obj)) { case 'Error': case 'EvalError': @@ -248,7 +250,9 @@ function IsNativeErrorObject(obj) { case 'URIError': return true; } - return false; + + var objToString = %GetDataProperty(obj, "toString"); + return obj instanceof $Error && objToString === ErrorToString; } @@ -257,7 +261,7 @@ function IsNativeErrorObject(obj) { // the error to string method. This is to avoid leaking error // objects between script tags in a browser setting. function ToStringCheckErrorObject(obj) { - if (IsNativeErrorObject(obj)) { + if (CanBeSafelyTreatedAsAnErrorObject(obj)) { return %_CallFunction(obj, ErrorToString); } else { return ToString(obj); |