Property values on platform objects are misreported as "forbidden"

[mootari]

When walking an object, valueof attempts to access properties on the object's prototype:

inspector/src/object.js

Lines 18 to 26 in fe14a1b

	export function valueof(object, key) {
	try {
	const value = object[key];
	if (value) value.constructor; // Test for SecurityError.
	return value;
	} catch (ignore) {
	return FORBIDDEN;
	}
	}

Due to implementation details for getters on platform objects this throws TypeError: Illegal invocation, which then gets caught and misinterpreted as SecurityError. As a result the property value is rendered as [forbidden].

To reproduce:

1. Create a cell that returns a native object (e.g. screen, performance)
2. Expand the object

[mootari]

Slack thread: https://observablehq.slack.com/archives/C01LADG5CF6/p1633558706168700

[jleedev]

Proof of concept illustrating two parts of a potential fix:

• Change the proto argument from a boolean to track the root object we are inspecting, and invoke getters with descriptor.get.apply
• Show the getter name in an italic font