Bug 72812 - [test case] eval() evaluates literals in the context of the caller (instead of the current one)
Status: RESOLVED DUPLICATE of bug 71506
Alias: None
Product: konqueror
Classification: Applications
Component: kjs
Version: unspecified
Platform: RedHat Enterprise Linux Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2004-01-17 14:59 UTC by Sebastiano Vigna
Modified: 2005-02-27 14:32 UTC

Description Sebastiano Vigna 2004-01-17 14:59:51 UTC
Version:            (using KDE KDE 3.1.5)
Installed from:    RedHat RPMs
OS:          Linux

Put the following into testkonq.html:

------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>Test</TITLE>
</HEAD>
<BODY>
<SCRIPT TYPE="text/javascript">
function check(s) {
      a = eval(s);
      alert(a.constructor == Array);
}
</SCRIPT>
<IFRAME NAME="frame" ID="frame" SRC="rpc.html" HEIGHT=100 WIDTH=800></IFRAME>
</BODY>
-----------------

...and the following in rpc.html:
--------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>RPC</TITLE>
</HEAD>
<BODY>
<SCRIPT TYPE="text/javascript">
parent.check("[1,2]")
</SCRIPT>
</BODY>
--------------

Mozilla, Netscape, Opera and Explorer will open an alert box displaying "true", whereas Konqueror will display "false".

This is a very subtle point, but it is a real pain in the neck when doing cross-frame scripting. The rpc.html code calls a function defined in the *parent* frame context. The function evaluates a literal, and checks whether it is an array. All browsers execute the eval() in the context in which check() was defined, that is, the parent context (since ECMAScript has closures, this is very sensible). Konqueror executes it in the *child* frame context. Since the Array object of the child frame is not the Array object of the parent frame, this entails the "false" displayed by Konqueror.

If you *already know* the type of the object passed to check(), this is not going to be a problem: the properties and methods of the two Array objects are the same--if it walks like an Array and talks like an Array it must be an Array. However, if you need any kind of run-time type-check, it will fail miserably.

It is difficult to classify this as a true bug, because the ECMAScript standard does not say anything about multiple global objects (as those generated by multiple frames), but it is fair to say that all other ECMAScript implementations I'm aware of do not behave like Konqueror's.
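
The run-time type-check failure described in this report, as an added example that is not part of the original report or of KJS. It assumes Node.js, whose vm contexts stand in for the two frames; the function names are hypothetical.

```javascript
// Added example. Node's vm contexts stand in for the two frames: each
// context has its own global object, hence its own Array constructor.
const vm = require('vm');

// "Other frame": a separate global object, constructed for this demo.
const otherFrame = vm.createContext({});

// Evaluate source text against the other frame's globals, which is where
// the report says Konqueror resolved the literal passed to eval().
function evalInOtherFrame(src) {
  return vm.runInContext(src, otherFrame);
}

// The check from the report: identity against *this* global's Array.
function isArrayByConstructor(v) {
  return v.constructor === Array;
}

// Checks that do not depend on which global object created the value.
function isArrayAnyFrame(v) {
  return Array.isArray(v);
}
function classTag(v) {
  return Object.prototype.toString.call(v);
}

function demo() {
  const local = eval('[1,2]');               // literal resolved here
  const foreign = evalInOtherFrame('[1,2]'); // literal resolved elsewhere
  return {
    localByConstructor: isArrayByConstructor(local),
    foreignByConstructor: isArrayByConstructor(foreign),
    foreignByInstanceof: foreign instanceof Array,
    foreignIsOtherArray: foreign.constructor === evalInOtherFrame('Array'),
    foreignByIsArray: isArrayAnyFrame(foreign),
    foreignTag: classTag(foreign),
    duckTypedSum: foreign.reduce((a, b) => a + b, 0),
  };
}

console.log(demo());
```

Array.isArray was standardised in ECMAScript 5, after this report was filed. For values that cross a frame boundary it is the check to rely on, since the Object.prototype.toString tag can be overridden on objects through Symbol.toStringTag.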
Comment 1 Harri Porten 2005-02-27 14:32:05 UTC

*** This bug has been marked as a duplicate of 71506 ***