internet explorer 9 - IE9 JavaScript array initialization bug - Stack Overflow

admin管理员组

文章数量:1355925

Apparently JS implementation in IE9 contains (IMO, critical) bug in handling array literals.

In IE9 in some cases this code:

var a = [1,2,3,4,];

will create array of length 5 with last element equals to undefined.

Here are two versions of my KiTE engine test pages:

• .htm - works in IE9
• .htm - fails in IE9

The only difference is that first document contains data.contacts property initialized as [1,2,3,4] and second one as [1,2,3,4,].

Internal IE debugger reports that data.contacts array contains 5 elements in second case. Without debugger this code fails at line 98 in kite.js (trying to get property of undefined - fifth element of that data.content array )

Questions:

1. How and where people usually report bugs in IE?
2. Have you seen anything similar to this problem? I am looking for simplest case where this problem is reproducible.

Update: here is the test / where all browsers (IE9 included) agree on the fact that var a = [1,2,3,4,]; is of length 4.

Apparently JS implementation in IE9 contains (IMO, critical) bug in handling array literals.

In IE9 in some cases this code:

var a = [1,2,3,4,];

will create array of length 5 with last element equals to undefined.

Here are two versions of my KiTE engine test pages:

• http://terrainformatica./kite/test-kite.htm - works in IE9
• http://terrainformatica./kite/test-kite-ie9-bug.htm - fails in IE9

The only difference is that first document contains data.contacts property initialized as [1,2,3,4] and second one as [1,2,3,4,].

Internal IE debugger reports that data.contacts array contains 5 elements in second case. Without debugger this code fails at line 98 in kite.js (trying to get property of undefined - fifth element of that data.content array )

Questions:

1. How and where people usually report bugs in IE?
2. Have you seen anything similar to this problem? I am looking for simplest case where this problem is reproducible.

Update: here is the test http://jsfiddle/hmAms/ where all browsers (IE9 included) agree on the fact that var a = [1,2,3,4,]; is of length 4.

• javascript
• internet-explorer-9

Share Improve this question Follow edited Jun 1, 2011 at 5:39 c-smile asked Jun 1, 2011 at 5:21 c-smilec-smile 27.5k88 gold badges6565 silver badges9191 bronze badges 4

• 2 i think it shouldnt be written [1,2,3,4,] in the first place – Ibu Commented Jun 1, 2011 at 5:24
• 2 The last ma indicates that there is another value. In your case its undefined. So where is the bug? Remove the obsolete ma and your problem is gone. – Andreas Commented Jun 1, 2011 at 5:26
• 2 Trailing ma is supported by many languages and is useful for auto-generated code (note JSON does not support it officially) and makes editing and merging source code easier. – Peter Davis Commented Jun 1, 2011 at 5:40
• @Peter Davis: Very true. As soon as JS uses C notation it should use its basic syntax features. To avoid surprises. But my question is about different thing actually: IE handles trailing mas in array literals differently in different context - that is the problem. – c-smile Commented Jun 1, 2011 at 6:00

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 10

A single trailing ma in an array literal should be ignored. Two trailing mas is an elision and should add one to the array's length. So:

alert( [1,2,3,4,].length );   // 4

alert( [1,2,3,4,,].length );  // 5

Some versions of IE (< 9?) treat the single trainling ma as an elison and incorrectly add one to length, so the results above are 5 and 6 respsectively. That is inconsistent with ECMA-262 §11.1.3 and therefore is a bug.

The purpose of an elision is to increase array length without creating a extra property or assigning directly to length, so:

var x = [,1,,];

is equivalent to:

var x = new Array(3);
x[1] = 1;

The result in both cases should be an array with length 3 and one property named '1' with value 1. The leading ma and trailing ma pair are elisions, they only affect the length, they do not create properties. IE interprets the leading ma correctly but incorrectly interprets both trailing mas as elisions, incrementing the length by 1 too many.

var x = [,1,,3,,];
var s = 'length: ' + x.length;

for (var p in x) {
  s += '\nindex ' + p + ' has value ' +  x[p]; 
}
alert(s);

The result should be:

length: 5
index 1 has value 1
index 3 has value 3

Incidentally, this bug has probably been around since IE allowed array literals, version 4 at least (1997?).

That's not a bug. That's exactly how it should behave. Microsoft did that on purpose. If you want an array with only 4 items, get rid of the last ma. Simple as that.

If the results you're after is to have an extra, undefined value at the end, you're in luck. Even without the ma, it'll be undefined. It, and every single number after 3.

本文标签： internet explorer 9IE9 JavaScript array initialization bugStack Overflow