Bug 189030
| Summary: | For-in over a proxy with ownKeys handler hits non-enumerable keys | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Kevin Gibbons <bakkot> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | benjamin, caitp, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, rmorisset, saam, ticaiolima, tzagallo, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Kevin Gibbons
Consider the following program:
```
if (typeof console === 'undefined') console = { log: print };
let a = Object.create(null, {
x: { enumerable: false, configurable: true, value: 0 },
});
let handler = {
ownKeys(target) {
return Reflect.ownKeys(target);
},
};
let pa = new Proxy(a, handler);
for (let key in pa) {
console.log('reached');
}
```
This prints 'reached'. It should not; `pa` reports no enumerable keys. (And no other engine has this behavior.)
This only happens if the `ownKeys` handler is present, even though the one I've specified does the same thing as the default handler.
See also (and please comment on) this open spec bug about more precisely specifying the behavior of for-in, which prompted the investigation which lead me to discovering this issue: https://github.com/tc39/ecma262/issues/1281
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Kevin Gibbons
This is probably related, so I'm going to add it as a comment here:
JSC can also print the same key twice. According to Allen Wirfs-Brock [1], "no duplicate names" is the most important property required by the spec, so this seems especially bad.
Sample code:
```
let a = {
x: 0,
};
let b = {
x: 0,
};
let pb = new Proxy(b, {
ownKeys(target) {
return Reflect.ownKeys(target);
},
});
Object.setPrototypeOf(a, pb);
for (let key in a) {
console.log(key);
}
```
This prints `x` twice.
[1] https://github.com/tc39/ecma262/issues/1281#issuecomment-411133580
Radar WebKit Bug Importer
<rdar://problem/47417561>
Caitlin Potter (:caitp)
This is essentially the same bug as your other one, https://bugs.webkit.org/show_bug.cgi?id=189034 --- isn't it?
Kevin Gibbons
Maybe? This one only occurs if you have an `ownKeys` handler - if you remove it from my examples, the engine does the right thing. So I was assuming it was a distinct issue from failing to invoke `getOwnPropertyDescriptor`.
Caitlin Potter (:caitp)
(In reply to bakkot from comment #4)
> Maybe? This one only occurs if you have an `ownKeys` handler - if you remove
> it from my examples, the engine does the right thing. So I was assuming it
> was a distinct issue from failing to invoke `getOwnPropertyDescriptor`.
Ah, I see what you mean. This one is a dupe of https://bugs.webkit.org/show_bug.cgi?id=176810, but the GOPD bug still needs to be fixed.
Caitlin Potter (:caitp)
Neither of these test cases are reproducible for me on master now.