I discussed this a bit with Darin and Geoff, and we came to the conclusion that the correct fix is to have each JS DOMObject store a JSGlobalObject pointer and augment the toJS methods to pass a global object instead of an ExecState (close to your #1).

There are classes in JavaScriptCore with mutable prototype chains which will not be covered by this fix, no?

After the engine properly constructs an object with the correct prototype, the author can change that prototype, yes.
But I don't think that invalidates our strategy for properly constructing objects with the correct prototype.
Geoff
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev