Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 1560 by [email protected]: Support instanceof checks on
guest-constructed standard objects
http://code.google.com/p/google-caja/issues/detail?id=1560
What revision of the cajoler exhibits the problem? On what browser and OS?
r5054, SES mode.
What steps will reproduce the problem?
1. Create a tamed function with argument A that contains "A instanceof
Date".
2. In the guest, create a Date object and pass it to the function.
What is the expected output? What do you see instead?
I expect the instanceof check in the host code to return true. Instead it
returns false.
Please provide any additional information below.
Quoting Ihab Awad, a Caja developer, on the issue:
This is a deliberate tradeoff.
The guest code runs inside a hidden <iframe> that
Caja creates for you. So Date in that iframe is not
Date in the host page.
We could translate by copying at the boundary
(doing new Date(...) every time we cross), or we
can just pass the object through.
Copying means you get instanceof right but
mutations to the object fail to make it back to
the guest code, and vice versa.
I should add -- there is already a precedent for
pass-by-copy semantics across the taming boundary:
Arrays are always pass-by-copy both ways. So it
would not be *too* strange to do that for builtins
like Date and RegExp also.
