-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move the check for HTMLElement and its subclass from customElements.define to construction timing #541
Comments
Hmm. So let me try to understand your proposed alternate fix. Consider the following: <!DOCTYPE html>
<bad-1></bad-1> <!-- (1) -->
<script>
customElements.define("bad-1", HTMLElement);
document.createElement("bad-1"); // (2)
new HTMLElement(); // (3)
</script>
<bad-1></bad-1> <!-- (4) --> So with your proposal of checking The other cases are less clear, but I think they work... at some point they all call Construct(HTMLElement), which throws:
So I guess it works. Can you also help me understand why this check would be easier to make at construction time, instead of at definition time? In both cases you need to compare a constructor (either |
Seeing the above example, it also occurs to me that: a) any given custom element is likely to be used more than once on a page and b) its definition will often be loaded asynchronously, so when @domenic's case (1) occurs, it'll probably occur many times. That is, if an author passes an invalid constructor to |
You don't because you can just check that you're constructing yourself during the construction. e.g. let's say you're trying to define a custom element with interface
So in either scenario, one doesn't have to enumerate the list of all builtin HTML*Element constructors. |
Also, I'm not sure how your check works against Proxy objects. What happens if you defined a Proxy to |
+1 to @rniwa, turns out that the current Blink impl skips this check. |
Ah, great, that makes sense! OK, I can change this then...
I think the
I hope someone is writing web platform tests for this!! (And the Proxy case is a good one too.) I thought I even saw some from Firefox land in WPT... |
My point was that this case is hard/impossible to catch at definition time. e.g. |
Previously, this would be prevented at definition time. However, that required extra work to know all of the possible element interfaces, and was inconsistent with other failure cases. This moves the necessary check to construction time, which allows it to be simplified. Fixes WICG/webcomponents#541.
Previously, this would be prevented at definition time. However, that required extra work to know all of the possible element interfaces, and was inconsistent with other failure cases. This moves the necessary check to construction time, which allows it to be simplified. Fixes WICG/webcomponents#541.
I support this proposal, specifically in HTMLConstructor stepts, if new.target === the active function object then throw a TypeError. Given HTMLConstructor step 4.2, which ties together the definition's local name and the active function object's allowable local names, this prevents mayhem like minting elements with unrelated local names or effectively using built-in constructors directly to create elements. |
https://bugs.webkit.org/show_bug.cgi?id=161430 Reviewed by Antti Koivisto. Source/WebCore: Per WICG/webcomponents#541, we must throw a TypeError when the HTMLElement constructor is called with new.target set to itself (i.e. new HTMLElement after registering it with a custom element). Note that we can't check this at the time of customElements.define because it could be a Proxy object. Also see: https://html.spec.whatwg.org/#html-element-constructors Tests: fast/custom-elements/CustomElementRegistry.html fast/custom-elements/HTMLElement-constructor.html * bindings/js/JSHTMLElementCustom.cpp: (WebCore::constructJSHTMLElement): Throw a TypeError when NewTarget is HTMLElement constructor itself. LayoutTests: Added test cases for defining a custom element with the HTMLElement constructor, and making sure the HTMLElement constructor throws an exception when newTarget is itself. * fast/custom-elements/CustomElementRegistry-expected.txt: * fast/custom-elements/CustomElementRegistry.html: * fast/custom-elements/HTMLElement-constructor-expected.txt: * fast/custom-elements/HTMLElement-constructor.html: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@205263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Previously, this would be prevented at definition time. However, that required extra work to know all of the possible element interfaces, and was inconsistent with other failure cases. This moves the necessary check to construction time, which allows it to be simplified. Fixes WICG/webcomponents#541.
https://bugs.webkit.org/show_bug.cgi?id=161430 Reviewed by Antti Koivisto. Source/WebCore: Per WICG/webcomponents#541, we must throw a TypeError when the HTMLElement constructor is called with new.target set to itself (i.e. new HTMLElement after registering it with a custom element). Note that we can't check this at the time of customElements.define because it could be a Proxy object. Also see: https://html.spec.whatwg.org/#html-element-constructors Tests: fast/custom-elements/CustomElementRegistry.html fast/custom-elements/HTMLElement-constructor.html * bindings/js/JSHTMLElementCustom.cpp: (WebCore::constructJSHTMLElement): Throw a TypeError when NewTarget is HTMLElement constructor itself. LayoutTests: Added test cases for defining a custom element with the HTMLElement constructor, and making sure the HTMLElement constructor throws an exception when newTarget is itself. * fast/custom-elements/CustomElementRegistry-expected.txt: * fast/custom-elements/CustomElementRegistry.html: * fast/custom-elements/HTMLElement-constructor-expected.txt: * fast/custom-elements/HTMLElement-constructor.html: Canonical link: https://commits.webkit.org/179603@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@205263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Right now,
CustomElementsRegistry.define
is spec'ed to check whether the interface object inherits fromHTMLElement
interface or not.This check is hard to implement in WebKit as is because we don't have a mechanism to check the inheritance hierarchy of interface constructor objects (we can check the inheritance hierarchy of constructed objects via branding).
It's also weird to specifically filter out
HTMLElement
and their sub-interfaces when we throw the same error for things likeRange
,Text
, andSet
.My preference would be moving this check to the construction time. We can check that
new.target
is notHTMLElement
or one of its subclasses instead.The text was updated successfully, but these errors were encountered: