Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d92dec18da8e9098eb5c3f044dd28ae6dd3f7497
https://github.com/WebKit/WebKit/commit/d92dec18da8e9098eb5c3f044dd28ae6dd3f7497
Author: Yusuke Suzuki <[email protected]>
Date: 2026-04-15 (Wed, 15 Apr 2026)
Changed paths:
A JSTests/stress/module-loader-object-prototype-then-no-promise-tamper.js
A JSTests/stress/module-loader-promise-then-reassigned-same-value.js
A JSTests/stress/module-loader-promise-then-tampered-no-deps.js
A JSTests/stress/module-loader-promise-then-tampered.js
A JSTests/stress/resources/module-loader-promise-then-tampered-dep.js
A JSTests/stress/resources/module-loader-promise-then-tampered-no-deps.js
A JSTests/stress/resources/module-loader-promise-then-tampered-target.js
M Source/JavaScriptCore/runtime/Completion.cpp
M Source/JavaScriptCore/runtime/CyclicModuleRecord.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/JavaScriptCore/runtime/JSMicrotask.cpp
M Source/JavaScriptCore/runtime/JSModuleLoader.cpp
M Source/JavaScriptCore/runtime/JSPromise.cpp
M Source/JavaScriptCore/runtime/JSPromise.h
M Source/JavaScriptCore/runtime/Microtask.h
M Source/JavaScriptCore/runtime/ModuleRegistryEntry.cpp
M Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp
M Source/WebCore/bindings/js/JSDOMPromiseDeferred.h
M Source/WebCore/bindings/js/ScriptModuleLoader.cpp
Log Message:
-----------
[JSC] Avoid looking up "then" for internal module pipeline's JSPromise
https://bugs.webkit.org/show_bug.cgi?id=312368
rdar://174820983
Reviewed by Keith Miller.
Let's not use `resolve` for internal module pipeline's JSPromise as it
needs to look up "then". We need to make sure that they are not
observable as it happens to use JSPromise internally. Also, we make
things defensive by using jsSecureCast for module pipeline populated
values. We add JSPromise::pipeFrom, which just connects an incoming JSPromise
to the resulting JSPromise without user-observable behavior.
Tests: JSTests/stress/module-loader-object-prototype-then-no-promise-tamper.js
JSTests/stress/module-loader-promise-then-reassigned-same-value.js
JSTests/stress/module-loader-promise-then-tampered-no-deps.js
JSTests/stress/module-loader-promise-then-tampered.js
* JSTests/stress/module-loader-object-prototype-then-no-promise-tamper.js: Added.
(Object.prototype.then):
(import.string_appeared_here.then):
* JSTests/stress/module-loader-promise-then-reassigned-same-value.js: Added.
* JSTests/stress/module-loader-promise-then-tampered-no-deps.js: Added.
(Promise.prototype.then):
* JSTests/stress/module-loader-promise-then-tampered.js: Added.
(Promise.prototype.then):
* JSTests/stress/resources/module-loader-promise-then-tampered-dep.js: Added.
* JSTests/stress/resources/module-loader-promise-then-tampered-no-deps.js: Added.
* JSTests/stress/resources/module-loader-promise-then-tampered-target.js: Added.
* Source/JavaScriptCore/runtime/Completion.cpp:
(JSC::loadAndEvaluateModule):
* Source/JavaScriptCore/runtime/CyclicModuleRecord.cpp:
(JSC::CyclicModuleRecord::evaluate):
(JSC::CyclicModuleRecord::execute):
(JSC::CyclicModuleRecord::asyncExecutionFulfilled):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/JSMicrotask.cpp:
(JSC::moduleRegistryFetchSettled):
(JSC::moduleRegistryModuleSettled):
(JSC::moduleLoadStep):
(JSC::moduleLoadTopSettled):
(JSC::moduleLoadTopRejected):
(JSC::moduleLoadSpecifierTransform):
(JSC::moduleLoadCombinedLoadSettled):
(JSC::moduleLoadCombinedStateSettled):
(JSC::moduleLoadLinkEvaluateSettled):
(JSC::moduleLoadReturnRecord):
(JSC::dynamicImportEvaluateSettled):
(JSC::importModuleNamespace):
(JSC::runInternalMicrotask):
* Source/JavaScriptCore/runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::loadModule):
(JSC::JSModuleLoader::requestImportModule):
(JSC::JSModuleLoader::hostLoadImportedModule):
(JSC::JSModuleLoader::innerModuleLoading):
(JSC::JSModuleLoader::loadRequestedModules):
(JSC::JSModuleLoader::makeModule):
* Source/JavaScriptCore/runtime/JSPromise.cpp:
(JSC::JSPromise::pipeFrom):
* Source/JavaScriptCore/runtime/JSPromise.h:
* Source/JavaScriptCore/runtime/Microtask.h:
* Source/JavaScriptCore/runtime/ModuleRegistryEntry.cpp:
(JSC::ModuleRegistryEntry::ensureFetchPromise):
(JSC::ModuleRegistryEntry::ensureModulePromise):
(JSC::ModuleRegistryEntry::provideFetch):
* Source/WebCore/bindings/js/JSDOMPromiseDeferred.cpp:
(WebCore::DeferredPromise::callFunction):
* Source/WebCore/bindings/js/JSDOMPromiseDeferred.h:
(WebCore::DeferredPromise::fulfillWithCallback):
(WebCore::DeferredPromise::fulfillWithoutThenableCheck):
* Source/WebCore/bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::notifyFinished):
Canonical link: https://commits.webkit.org/311296@main
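An added example (not WebKit code) of the observability the log message describes: the Promise Resolve Functions perform Get(value, "then") synchronously whenever a promise is resolved with an object, so accessors a page installs on Promise.prototype.then or Object.prototype.then (as the new stress tests do) can see an engine's internal resolutions. The `pipeFrom` helper is only a JavaScript-level approximation of what JSPromise::pipeFrom achieves; all function names and sample values here are assumptions.

```javascript
// Added example, not WebKit code: records every "then" lookup that tampered
// prototype accessors can observe during promise resolution.
const thenLookups = [];                       // every observable "then" lookup
const intrinsicThen = Promise.prototype.then; // captured before any tampering
function installThenTamper() {
  // Simulates a page tampering with the prototypes (as the stress tests do).
  Object.defineProperty(Promise.prototype, "then", {
    configurable: true,
    get() { thenLookups.push("Promise.prototype.then"); return intrinsicThen; },
  });
  Object.defineProperty(Object.prototype, "then", {
    configurable: true,
    get() { thenLookups.push("Object.prototype.then"); return undefined; },
  });
}
function removeThenTamper() {
  delete Object.prototype.then;
  Object.defineProperty(Promise.prototype, "then",
    { value: intrinsicThen, writable: true, configurable: true, enumerable: false });
}
// The observable path: call a promise's resolve function with `value`.
// Returns the "then" lookups that the resolution itself triggered.
function resolveObservably(value) {
  let resolveOuter;
  new Promise((res) => { resolveOuter = res; });
  const before = thenLookups.length;
  resolveOuter(value); // Get(value, "then") happens synchronously here
  return thenLookups.slice(before);
}
// A pipeFrom-like path: wire `inner` to a fresh promise via the captured
// intrinsic `then`, so no "then" lookup reaches user-defined accessors. It still
// consults inner.constructor / Symbol.species, which is why a real engine uses an
// internal primitive such as JSPromise::pipeFrom rather than any JS-level call.
function pipeFrom(inner) {
  let resolveOuter, rejectOuter;
  const outer = new Promise((res, rej) => { resolveOuter = res; rejectOuter = rej; });
  const before = thenLookups.length;
  intrinsicThen.call(inner, resolveOuter, rejectOuter);
  return { outer, lookups: thenLookups.slice(before) };
}
// Runs both paths under tampered prototypes, then restores them (constructed inputs).
function demo() {
  installThenTamper();
  const viaPromise = resolveObservably(Promise.resolve(1)); // ["Promise.prototype.then"]
  const viaObject = resolveObservably({ exports: 1 });      // ["Object.prototype.then"]
  const piped = pipeFrom(Promise.resolve(2)).lookups;       // []
  removeThenTamper();
  return { viaPromise, viaObject, piped };
}
```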