Reviewers: MarkM,
Description: If a property is marked canRead, then canReadPub should only return true if the property actually exists on the object. Please review this at http://codereview.appspot.com/93041 Affected files: M src/com/google/caja/cajita.js M tests/com/google/caja/CajitaTest.java Index: tests/com/google/caja/CajitaTest.java =================================================================== --- tests/com/google/caja/CajitaTest.java (revision 3567) +++ tests/com/google/caja/CajitaTest.java (working copy) @@ -23,6 +23,18 @@ * @author [email protected] (Ihab Awad) */ public class CajitaTest extends CajaTestCase { + public void testIn() throws Exception { + runTest( + "" + + "if ('length' in {}) { " + + " fail('readable property mistaken for existing property');" + + "}"); + runTest("('length' in []) || fail('arrays should have a length');"); + + runTest("('x' in { x: 1 }) || " + + "fail('failed to find existing readable property');"); + runTest("('y' in { x: 1 }) && fail('found nonexisting property');"); + } public void testAllKeys() throws Exception { runTest( "" Index: src/com/google/caja/cajita.js =================================================================== --- src/com/google/caja/cajita.js (revision 3567) +++ src/com/google/caja/cajita.js (working copy) @@ -1370,7 +1370,7 @@ name = String(name); if (obj === null) { return false; } if (obj === void 0) { return false; } - if (obj[name + '_canRead___']) { return true; } + if (obj[name + '_canRead___']) { return (name in obj); } if (endsWith__.test(name)) { return false; } if (name === 'toString') { return false; } if (!isJSONContainer(obj)) { return false; }
