| Summary: | A question about defineProperty of Proxy object | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | NWU_NISL <nisl_grammarly1> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ashvayka, fpizlo, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Local Build | ||
| Hardware: | PC | ||
| OS: | Linux | ||
(In reply to NWU_NISL from comment #0) > But jsc didn't throw any error as my expection, Is there any information I > have missed? Thank you for detailed bug report. You are absolutely right, a TypeError should be thrown because the trap didn't return a truthy value. r259822 fixed ProxyObject::performDefineOwnProperty() to do that, aligning JSC with other engines. > #### version > dbae081 This appears to be referring to https://github.com/WebKit/webkit/commit/dbae081ad7e22d9ab61edf2f337f6c2bb593c7f8, which was 6 weeks after the fix. Are we sure it's correct? I can confirm the bug reproducing in Safari 13.1.2, yet fixed in TP 113. *** This bug has been marked as a duplicate of bug 210267 *** |
When calling "Object.defineProperty" as below, the internal method "[[DefineOwnProperty]" will be invoked. According to ES10.0, when invoking the internal method "[[DefineOwnProperty]]" of the proxy object, the method "defineProperty" of proxy handler is called. So the overwritten property "defineProperty " below is called. And a false will be returned after using "ToBoolean" dealing with its return value, because the method's default return value is undefined. Finally, a TypeError will be thrown as other engines(like V8,spiderMonkey and quickjs) do. But jsc didn't throw any error as my expection, Is there any information I have missed? #### version dbae081 #### command webkit/WebKitBuild/Debug/bin/jsc testcase.js #### testcase function main() { var handler = {defineProperty:function(){ print("overwrite definedProperty"); } }; var target = {"a":3}; var descBefore = Object.getOwnPropertyDescriptor(target,"a"); for(var j in descBefore){ print(j,descBefore[j]); } var p = new Proxy(target,handler); var desc = {value:200}; var v21 = Object.defineProperty(p,"a",desc); print(v21); var descAfter = Object.getOwnPropertyDescriptor(target,"a"); for(var i in descAfter){ print(i,descAfter[i]); } } main(); #### output value 3 writable true enumerable true configurable true overwrite definedProperty [object Object] value 3 writable true enumerable true configurable true #### expected output value 3 writable true enumerable true configurable true overwrite definedProperty TypeError: proxy defineProperty handler returned false for property '"a"' contributor:Yuan Wang