Object.prototype.toString does not correctly handle platform objects with no Symbol.toStringTag

Issue description

Chrome Version: 65.0.3288.1 (Official Build) canary SyzyASan (32-bit) (cohort: ASAN)
OS: Windows 10

Test cases:
- http://software.hixie.ch/utilities/js/live-dom-viewer/?saved=5623 should log "undefined" and "[object Object]", but instead logs "undefined" and "[object HTMLDocument]"
- http://software.hixie.ch/utilities/js/live-dom-viewer/?saved=5625 has the same problem.

It seems there is some kind of fallback, not conformant to the JS spec, where Object.prototype.toString.call(platformObject) will give a value that is not [object Object] if no Symbol.toString is present.

This hurts our long-standing efforts to align toString behavior across browsers; see https://github.com/heycam/webidl/pull/357 and most recently https://github.com/heycam/webidl/pull/357#issuecomment-350347428 where this was discovered.

This probably is a V8 bug, in that if they implement the Object.prototype.toString spec correctly, this should never even be possible? But it's very web-related? So I'm filing it here and CCing several folks, and putting it in the bindings category. Please re-triage as necessary.

Dec 11 2017
I believe this might go away on its own once V8 lands https://chromium-review.googlesource.com/c/v8/v8/+/776683 (currently blocked on some TypedArray-related refactoring). Toon, do you happen to know if there's a quick fix here for Object.prototype.toString to ignore Blink class names (or maybe we can just change the API to avoid storing the class name)?

Dec 12 2017
It doesn't automatically go away; the CL just changes the ClassOf that was called in ObjectProtoToString from a builtin to a runtime function. We should just delete that code. I'm very much in favor though; and have been working towards this for ages! :) So yes, the (quick) fix is to just remove that call.

Comment 1 by yukishiino@chromium.org, Dec 11 2017
Status: Assigned (was: Untriaged)
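
The behaviour the report expects, as an added example that is not part of the original thread and is not Chromium or V8 code: expectedToString follows the Object.prototype.toString steps for arrays, functions and ordinary objects only, and checkConformance compares the engine's answer against it. FakeDocument is a constructed stand-in for a platform interface whose class name is exposed only through Symbol.toStringTag; all function names are hypothetical.

```javascript
// Added example. expectedToString, checkConformance, runScenario and
// FakeDocument are hypothetical names, not Chromium or V8 code.

// Expected Object.prototype.toString result for an object, limited to the
// builtinTag values "Array", "Function" and "Object"; the other
// internal-slot tags (Error, Date, RegExp, ...) are omitted.
function expectedToString(obj) {
  let builtinTag = "Object";
  if (Array.isArray(obj)) builtinTag = "Array";
  else if (typeof obj === "function") builtinTag = "Function";
  const tag = obj[Symbol.toStringTag];
  // Only a string-valued tag overrides builtinTag; there is no other fallback.
  return "[object " + (typeof tag === "string" ? tag : builtinTag) + "]";
}

// Compare what the engine returns with the expected string.
function checkConformance(obj) {
  const actual = Object.prototype.toString.call(obj);
  const expected = expectedToString(obj);
  return { actual, expected, conformant: actual === expected };
}

function runScenario() {
  // Constructed stand-in for a platform interface: the name is carried
  // only by a configurable Symbol.toStringTag on the prototype.
  class FakeDocument {}
  Object.defineProperty(FakeDocument.prototype, Symbol.toStringTag, {
    value: "FakeDocument",
    configurable: true,
  });
  const doc = new FakeDocument();
  const before = checkConformance(doc);

  // Remove the tag; nothing else on the prototype chain supplies one.
  delete FakeDocument.prototype[Symbol.toStringTag];
  const tagAfter = doc[Symbol.toStringTag];
  const after = checkConformance(doc);
  return { before, tagAfter, after };
}

console.log(runScenario());
```

checkConformance accepts any object, so the same comparison can be run on a real platform object in a browser console once its prototype chain carries no Symbol.toStringTag.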