1f1329d960
This avoids touching the Array prototype, which may have been tampered with. BUG=chromium:443982 LOG=n Review URL: https://codereview.chromium.org/820503005 Cr-Commit-Position: refs/heads/master@{#25908}
23 lines
592 B
JavaScript
23 lines
592 B
JavaScript
// Copyright 2014 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
var records;
|
|
function observer(r) {
|
|
records = r;
|
|
}
|
|
|
|
Object.defineProperty(Array.prototype, '0', {
|
|
get: function() { return 0; },
|
|
set: function() { throw "boom!"; }
|
|
});
|
|
arr = [1, 2];
|
|
Array.observe(arr, observer);
|
|
arr.length = 0;
|
|
assertEquals(0, arr.length);
|
|
|
|
Object.deliverChangeRecords(observer);
|
|
assertEquals(1, records.length);
|
|
assertEquals('splice', records[0].type);
|
|
assertArrayEquals([1, 2], records[0].removed);
|