Skip to main content

Bug Tracker

Side navigation

#9372 closed bug (wontfix)

Opened May 20, 2011 11:42PM UTC

Closed May 24, 2011 01:02AM UTC

Last modified March 14, 2012 06:21AM UTC

cssProps properties from object prototype chain causes errors

Reported by: xelaris Owned by: xelaris
Priority: low Milestone: 1.next
Component: misc Version: 1.6.1
Keywords: Cc:
Blocked by: Blocking:
Description

There is an issue with methods added to Object.prototype in combination with any function, which ends up in a call to jQuery.css().

If a function is added to every object's prototype chain, calling .css(map), for example, ends up with a call of jQuery.css( elem, name, extra ) where the parameter name becomes the name of the function from the prototype chain. The name is obviously expected to be a string.

Through the line

name = jQuery.cssProps[ name ] || name;

name becomes a function reference, because jQuery.cssProps[ name ] returns the function form the protoype chain.

In the following the function reference is passed to curCSS( elem, name ) where name.replace accordingly causes an error.

Therefore an hasOwnProperty() check is missing.

I suggest something like

name = jQuery.cssProps.hasOwnProperty( name ) && jQuery.cssProps[ name ] || name;

This issue also exists in the current git version.

It can be reproduced whith jsfiddle under: http://jsfiddle.net/jvXMj/

Attachments (0)
Change History (5)

Changed May 20, 2011 11:47PM UTC by xelaris comment:1

Changed May 21, 2011 12:45AM UTC by dmethvin comment:2

owner: → xelaris
status: newpending

jQuery doesn't have a lot of rules about what happens outside the boundaries of the jQuery object, but one of them is that Object.prototype cannot be augmented. There are a lot of unguarded for/in loops throughout.

Did you discover this problem in real code? It's considered a very bad idea to modify Object.prototype so we've hesitated to add overhead to protect against it.

Changed May 21, 2011 01:49AM UTC by xelaris comment:3

status: pendingnew

I agree, generally it's not a neat way to modify

Object.prototype
. However, I discovered this problem in real code. There is a small library in use, which, amongst others, adds a
keys()
method to
Object.prototype
, if there is not a native one, with intend to emulate several functions to harmonize the environment among different browsers. With jQuery 1.5.1 there are no complications, since the problem surfaces not until the update from jQuery 1.5.1 to 1.6.1.

I don't hold, that jQuery should absolute insusceptible for such "manipulations", in case of for/in loop, for example. But I think, if possible, the resulting errors should be mitigated at least. Another solution could be, to determine the name parameter to be a String, within the

curCSS( elem, name )
function. Or to determine the existance of the replace function
name.replace && name.replace(...)
, for example.

Changed May 23, 2011 02:00AM UTC by rwaldron comment:4

component: unfiledmisc
priority: undecidedlow

+1 to dmethvin's comments.

This patch, https://github.com/jquery/jquery/pull/384, only addresses one of infinite issues caused by modifying native or host objects.

Changed May 24, 2011 01:02AM UTC by timmywil comment:5

resolution: → wontfix
status: newclosed

This would open up a whole new realm we don't want to explore.