Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Normative: `eval(nonString)` should not have observable side effects #1504

Merged
merged 1 commit into from Jun 4, 2019

Conversation

Projects
None yet
7 participants
@mikesamuel
Copy link
Member

commented Apr 9, 2019

Fixes #1495
which identifies the ordering of host callouts and input
type checks as a spec bug.

This uses option 1 from
#1495 (comment)
to ensure that type checks happen before host callouts.

This can't be tested in test262 but if this lands, I will follow up
with tests via web-platform-tests/wpt.

mikesamuel added a commit to mikesamuel/wpt that referenced this pull request Apr 9, 2019

[js] test order of host callout & typecheck during eval
This adds tests for tc39/ecma262#1504 which cannot be tested purely in
JavaScript because it involves HostEnsureCanCompileStrings.

As documented in a table on tc39/ecma262#1495 this passes on recent
Chrome and Safari and fails on Firefox so this test probably shouldn't
land right away.
Show resolved Hide resolved spec.html Outdated
@allenwb

This comment has been minimized.

Copy link
Member

commented Apr 10, 2019

@erights

That the runtime test that determines whether it is a direct eval only care that it is an %eval% intrinsic of some realm.

That's not correct. See 12.3.4.1 step 6.a. %eval% is a reference to the eval intrinsic of the current realm. In other words the eval intrinsic of the realm that is lexically associated with the code containing the CallExpression that is being evaluated.

jugglinmike added a commit to web-platform-tests/wpt that referenced this pull request Apr 11, 2019

[csp] test order of host callout & typecheck during eval (#16301)
* [js] test order of host callout & typecheck during eval

This adds tests for tc39/ecma262#1504 which cannot be tested purely in
JavaScript because it involves HostEnsureCanCompileStrings.

As documented in a table on tc39/ecma262#1495 this passes on recent
Chrome and Safari and fails on Firefox so this test probably shouldn't
land right away.

* Moved test to content-security-policy/generic

I reformatted it to follow the guidance at

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L37-L60

and moved the `<meta http-equiv=Content-Security-Policy>` content into a separate file per

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L22-L24

* move `<title>` into `<head>`

* Mark new test tentative

... until tc39/ecma262#1495 lands.
@littledan

This comment has been minimized.

Copy link
Member

commented Apr 24, 2019

Maybe @domenic can help clarify, as I believe he wrote much of this specification text.

Show resolved Hide resolved spec.html Outdated

@jridgewell jridgewell referenced this pull request Jun 4, 2019

Open

June 2019 #58

@ljharb ljharb added has consensus and removed needs consensus labels Jun 4, 2019

@ljharb

ljharb approved these changes Jun 4, 2019

@ljharb ljharb requested review from tc39/ecma262-editors and zenparsing Jun 4, 2019

@ljharb ljharb self-assigned this Jun 4, 2019

Normative: eval(nonString) should not have observable side effects (#…
…1504)

Fixes #1495
which identifies the ordering of host callouts and input type checks as a spec bug.

This uses option 1 from #1495 (comment)
to ensure that type checks happen before host callouts.

This can't be tested in test262 but if this lands, I will follow up with tests via web-platform-tests/wpt.

@ljharb ljharb force-pushed the eval-ordering branch from 743a864 to a25df66 Jun 4, 2019

@ljharb ljharb changed the title eval(nonString) should not have observable side effects. Normative: `eval(nonString)` should not have observable side effects Jun 4, 2019

@ljharb ljharb merged commit a25df66 into master Jun 4, 2019

1 check was pending

continuous-integration/travis-ci/push The Travis CI build is in progress
Details

@ljharb ljharb deleted the eval-ordering branch Jun 4, 2019

moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request Jun 5, 2019

Bug 1545538 [wpt PR 16301] - [js] test order of host callout & typech…
…eck during eval, a=testonly

Automatic update from web-platform-tests
[csp] test order of host callout & typecheck during eval (#16301)

* [js] test order of host callout & typecheck during eval

This adds tests for tc39/ecma262#1504 which cannot be tested purely in
JavaScript because it involves HostEnsureCanCompileStrings.

As documented in a table on tc39/ecma262#1495 this passes on recent
Chrome and Safari and fails on Firefox so this test probably shouldn't
land right away.

* Moved test to content-security-policy/generic

I reformatted it to follow the guidance at

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L37-L60

and moved the `<meta http-equiv=Content-Security-Policy>` content into a separate file per

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L22-L24

* move `<title>` into `<head>`

* Mark new test tentative

... until tc39/ecma262#1495 lands.

--

wpt-commits: e3d0146264093a389148cc555ee9be69bd75719b
wpt-pr: 16301

mykmelez pushed a commit to mykmelez/gecko that referenced this pull request Jun 6, 2019

Bug 1545538 [wpt PR 16301] - [js] test order of host callout & typech…
…eck during eval, a=testonly

Automatic update from web-platform-tests
[csp] test order of host callout & typecheck during eval (#16301)

* [js] test order of host callout & typecheck during eval

This adds tests for tc39/ecma262#1504 which cannot be tested purely in
JavaScript because it involves HostEnsureCanCompileStrings.

As documented in a table on tc39/ecma262#1495 this passes on recent
Chrome and Safari and fails on Firefox so this test probably shouldn't
land right away.

* Moved test to content-security-policy/generic

I reformatted it to follow the guidance at

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L37-L60

and moved the `<meta http-equiv=Content-Security-Policy>` content into a separate file per

https://github.com/web-platform-tests/wpt/blob/38f02ed8bb05f69ab4b061d17220f8f46709a0a3/content-security-policy/README.html#L22-L24

* move `<title>` into `<head>`

* Mark new test tentative

... until tc39/ecma262#1495 lands.

--

wpt-commits: e3d0146264093a389148cc555ee9be69bd75719b
wpt-pr: 16301
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.