Intent to unship: cross-context @@hasInstance in IDL interfaces

Skip to first unread message

Kagami Rosylight

Mar 4, 2021, 3:53:33 PM3/4/21
to removed custom hasInstance behavior in 2017, and the feature has only been shipped by Firefox.

Dropping the support means that JavaScript `instanceof` operator will return false when the contexts of the object and the constructor don't match, e.g. the object is from an iframe and the constructor is from the top window.

The change will initially be only on Nightly to make sure there won't be any significant breakages, and then will propagate to stable versions.

Tracking bug:
Relevant flag: dom.webidl.crosscontext_hasinstance.enabled

Peter Van der Beken

Mar 5, 2021, 3:05:07 AM3/5/21
Note that for now code running with system principals still has the
hasInstance hook, so instanceof will still return true there if the
platform object and its interface's prototype object are from different
realms. We do plan to align to the behaviour from the spec everywhere in
the near future [1], but it involves fixing a lot of existing code/tests

We added an isInstance() static function on interface objects as a way
to do cross-realm branding checks a while back (only exposed in realms
running with system principals) [3]. New code running with system
principals that needs to do a cross-realm branding check should use for
example 'Node.isInstance(foo)', as opposed to 'foo instanceof Node'.


Reply all
Reply to author
0 new messages