Bug Tracker

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#9372 closed bug (wontfix)

cssProps properties from object prototype chain causes errors

Reported by: xelaris Owned by: xelaris
Priority: low Milestone: 1.next
Component: misc Version: 1.6.1
Keywords: Cc:
Blocked by: Blocking:

Description

There is an issue with methods added to Object.prototype in combination with any function, which ends up in a call to jQuery.css().

If a function is added to every object's prototype chain, calling .css(map), for example, ends up with a call of jQuery.css( elem, name, extra ) where the parameter name becomes the name of the function from the prototype chain. The name is obviously expected to be a string.

Through the line

name = jQuery.cssProps[ name ] || name;

name becomes a function reference, because jQuery.cssProps[ name ] returns the function form the protoype chain.

In the following the function reference is passed to curCSS( elem, name ) where name.replace accordingly causes an error.

Therefore an hasOwnProperty() check is missing.

I suggest something like

name = jQuery.cssProps.hasOwnProperty( name ) && jQuery.cssProps[ name ] || name;

This issue also exists in the current git version.

It can be reproduced whith jsfiddle under: http://jsfiddle.net/jvXMj/

Change History (5)

comment:2 Changed 8 years ago by dmethvin

Owner: set to xelaris
Status: newpending

jQuery doesn't have a lot of rules about what happens outside the boundaries of the jQuery object, but one of them is that Object.prototype cannot be augmented. There are a lot of unguarded for/in loops throughout.

Did you discover this problem in real code? It's considered a very bad idea to modify Object.prototype so we've hesitated to add overhead to protect against it.

comment:3 Changed 8 years ago by xelaris

Status: pendingnew

I agree, generally it's not a neat way to modify Object.prototype. However, I discovered this problem in real code. There is a small library in use, which, amongst others, adds a keys() method to Object.prototype, if there is not a native one, with intend to emulate several functions to harmonize the environment among different browsers. With jQuery 1.5.1 there are no complications, since the problem surfaces not until the update from jQuery 1.5.1 to 1.6.1.

I don't hold, that jQuery should absolute insusceptible for such "manipulations", in case of for/in loop, for example. But I think, if possible, the resulting errors should be mitigated at least. Another solution could be, to determine the name parameter to be a String, within the curCSS( elem, name ) function. Or to determine the existance of the replace function name.replace && name.replace(...), for example.

comment:4 Changed 8 years ago by Rick Waldron

Component: unfiledmisc
Priority: undecidedlow

+1 to dmethvin's comments.

This patch, https://github.com/jquery/jquery/pull/384, only addresses one of infinite issues caused by modifying native or host objects.

comment:5 Changed 8 years ago by timmywil

Resolution: wontfix
Status: newclosed

This would open up a whole new realm we don't want to explore.

Note: See TracTickets for help on using tickets.