Diff
Modified: trunk/LayoutTests/ChangeLog (203934 => 203935)
--- trunk/LayoutTests/ChangeLog 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/ChangeLog 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,3 +1,29 @@
+2016-07-29 Chris Dumez <cdu...@apple.com>
+
+ Window's named properties should be exposed on a WindowProperties object in its prototype
+ https://bugs.webkit.org/show_bug.cgi?id=160354
+
+ Reviewed by Gavin Barraclough.
+
+ * fast/dom/Window/es52-globals-expected.txt:
+ Update / Rebaseline test now that named properties are no longer reported as "own"
+ properties on the Window object. I have verified that the test gives the
+ same result in Firefox and Chrome.
+
+ * fast/loader/window-clearing-expected.txt:
+ Rebaseline test that prints one more line because there is one more
+ object in Window's prototype chain.
+
+ * http/tests/security/window-named-proto-expected.txt:
+ * http/tests/security/window-named-valueOf-expected.txt:
+ Rebaseline 2 security tests that give slightly different output. The new
+ output is identical to the one in Firefox and Chrome. The tests are not
+ failing since they are not alert'ing content from the other frame.
+ The reason those tests were logging a security error is because we would
+ previously prevent named property access if the frame name conflicts with
+ a property name in the Window prototype, and we now no longer
+ differentiate this case.
+
2016-07-29 Ryan Haddad <ryanhad...@apple.com>
Marking http/tests/xmlhttprequest/workers/methods-async.html as flaky on ios-simulator release WK2
Modified: trunk/LayoutTests/fast/dom/Window/es52-globals-expected.txt (203934 => 203935)
--- trunk/LayoutTests/fast/dom/Window/es52-globals-expected.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/fast/dom/Window/es52-globals-expected.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,9 +1,11 @@
PASS window.hasOwnProperty("Element") is true
PASS window.hasOwnProperty("x") is true
PASS window.hasOwnProperty("y") is false
-PASS window.hasOwnProperty("f") is true
-PASS window.hasOwnProperty("div") is true
-FAIL window.hasOwnProperty("a") should be true. Was false.
+PASS window.hasOwnProperty("f") is false
+PASS window.__proto__.__proto__.hasOwnProperty("f") is true
+PASS window.hasOwnProperty("div") is false
+PASS window.__proto__.__proto__.hasOwnProperty("div") is true
+PASS window.hasOwnProperty("a") is false
PASS Element is not undefined
PASS x is 1
FAIL y should be undefined. Was 2
Modified: trunk/LayoutTests/fast/dom/Window/es52-globals.html (203934 => 203935)
--- trunk/LayoutTests/fast/dom/Window/es52-globals.html 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/fast/dom/Window/es52-globals.html 2016-07-30 01:08:41 UTC (rev 203935)
@@ -14,9 +14,11 @@
shouldBeTrue('window.hasOwnProperty("Element")');
shouldBeTrue('window.hasOwnProperty("x")');
shouldBeFalse('window.hasOwnProperty("y")');
-shouldBeTrue('window.hasOwnProperty("f")');
-shouldBeTrue('window.hasOwnProperty("div")');
-shouldBeTrue('window.hasOwnProperty("a")');
+shouldBeFalse('window.hasOwnProperty("f")');
+shouldBeTrue('window.__proto__.__proto__.hasOwnProperty("f")');
+shouldBeFalse('window.hasOwnProperty("div")');
+shouldBeTrue('window.__proto__.__proto__.hasOwnProperty("div")');
+shouldBeFalse('window.hasOwnProperty("a")');
</script>
<script>
@@ -40,4 +42,4 @@
shouldBeUndefined('a');
</script>
-<script src=""
\ No newline at end of file
+<script src=""
Modified: trunk/LayoutTests/fast/loader/window-clearing-expected.txt (203934 => 203935)
--- trunk/LayoutTests/fast/loader/window-clearing-expected.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/fast/loader/window-clearing-expected.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -9,3 +9,5 @@
PASS: element 2 in the window's prototype chain was cleared
PASS: element 3 in the window's prototype chain was cleared
+
+PASS: element 4 in the window's prototype chain was cleared
Modified: trunk/LayoutTests/http/tests/security/window-named-proto-expected.txt (203934 => 203935)
--- trunk/LayoutTests/http/tests/security/window-named-proto-expected.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/http/tests/security/window-named-proto-expected.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,4 +1,2 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "null" from accessing a frame with origin "http://localhost:8080". The frame requesting access has a protocol of "data", the frame being accessed has a protocol of "http". Protocols must match.
+CONSOLE MESSAGE: line 2: TypeError: null is not an object (evaluating 'document.body.innerHTML')
-CONSOLE MESSAGE: line 1: TypeError: undefined is not an object (evaluating 'parent.__proto__.alert')
-
Modified: trunk/LayoutTests/http/tests/security/window-named-valueOf-expected.txt (203934 => 203935)
--- trunk/LayoutTests/http/tests/security/window-named-valueOf-expected.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/http/tests/security/window-named-valueOf-expected.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,5 +1,2 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "null" from accessing a frame with origin "http://localhost:8080". The frame requesting access has a protocol of "data", the frame being accessed has a protocol of "http". Protocols must match.
-
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "null" from accessing a frame with origin "http://localhost:8080". The frame requesting access has a protocol of "data", the frame being accessed has a protocol of "http". Protocols must match.
-
+CONSOLE MESSAGE: line 1: Threw exception: TypeError: Illegal constructor
This passes if it doesn't alert the contents of innocent-victim.
Modified: trunk/LayoutTests/http/tests/security/window-named-valueOf.html (203934 => 203935)
--- trunk/LayoutTests/http/tests/security/window-named-valueOf.html 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/http/tests/security/window-named-valueOf.html 2016-07-30 01:08:41 UTC (rev 203935)
@@ -23,6 +23,7 @@
obj.__proto__.__proto__ = parent;
alert(obj.valueOf.constructor("return document.body.innerHTML")());
} catch(ex) {
+ console.log("Threw exception: " + ex)
}
if (window.testRunner)
testRunner.notifyDone();
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (203934 => 203935)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,3 +1,14 @@
+2016-07-29 Chris Dumez <cdu...@apple.com>
+
+ Window's named properties should be exposed on a WindowProperties object in its prototype
+ https://bugs.webkit.org/show_bug.cgi?id=160354
+
+ Reviewed by Gavin Barraclough.
+
+ Rebaseline W3C test now that one more check is passing.
+
+ * web-platform-tests/html/dom/interfaces-expected.txt:
+
2016-07-29 Youenn Fablet <you...@apple.com>
[Fetch API] Activate credentials mode
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt (203934 => 203935)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -5159,7 +5159,7 @@
PASS Window interface: existence and properties of interface object
PASS Window interface object length
PASS Window interface object name
-FAIL Window interface: existence and properties of interface prototype object assert_equals: Class name for prototype of Window.prototype is not "WindowProperties" expected "[object WindowProperties]" but got "[object EventTargetPrototype]"
+PASS Window interface: existence and properties of interface prototype object
PASS Window interface: existence and properties of interface prototype object's "constructor" property
PASS Window interface: attribute self
PASS Window interface: attribute name
Modified: trunk/Source/WebCore/CMakeLists.txt (203934 => 203935)
--- trunk/Source/WebCore/CMakeLists.txt 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/CMakeLists.txt 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1132,6 +1132,7 @@
bindings/js/JSDOMStringMapCustom.cpp
bindings/js/JSDOMWindowBase.cpp
bindings/js/JSDOMWindowCustom.cpp
+ bindings/js/JSDOMWindowProperties.cpp
bindings/js/JSDOMWindowShell.cpp
bindings/js/JSDOMWrapper.cpp
bindings/js/JSDataCueCustom.cpp
Modified: trunk/Source/WebCore/ChangeLog (203934 => 203935)
--- trunk/Source/WebCore/ChangeLog 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/ChangeLog 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1,3 +1,41 @@
+2016-07-29 Chris Dumez <cdu...@apple.com>
+
+ Window's named properties should be exposed on a WindowProperties object in its prototype
+ https://bugs.webkit.org/show_bug.cgi?id=160354
+
+ Reviewed by Gavin Barraclough.
+
+ Window's named properties should be exposed on a WindowProperties object
+ in its prototype:
+ - http://heycam.github.io/webidl/#named-properties-object
+
+ Firefox and Chrome both comply with the specification. However, WebKit
+ had no "WindowProperties" object in the Window prototype chain and the
+ named properties are exposed on the Window object itself.
+
+ No new tests, rebaselined existing tests.
+
+ * CMakeLists.txt:
+ * WebCore.xcodeproj/project.pbxproj:
+ * bindings/js/JSBindingsAllInOne.cpp:
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::getOwnPropertySlot):
+ (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+ (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess): Deleted.
+ (WebCore::JSDOMWindow::put): Deleted.
+ (WebCore::JSDOMWindow::putByIndex): Deleted.
+ (WebCore::JSDOMWindow::getEnumerableLength): Deleted.
+ * bindings/js/JSDOMWindowProperties.cpp: Added.
+ (WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):
+ (WebCore::JSDOMWindowProperties::getOwnPropertySlot):
+ (WebCore::JSDOMWindowProperties::getOwnPropertySlotByIndex):
+ * bindings/js/JSDOMWindowProperties.h: Added.
+ (WebCore::JSDOMWindowProperties::create):
+ (WebCore::JSDOMWindowProperties::createStructure):
+ (WebCore::JSDOMWindowProperties::JSDOMWindowProperties):
+ * bindings/js/JSDOMWindowShell.cpp:
+ (WebCore::JSDOMWindowShell::setWindow):
+
2016-07-29 Daniel Bates <daba...@apple.com>
Crash under HTMLMediaElement::{resolve, reject}PendingPlayPromises() when playback is interrupted
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (203934 => 203935)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-07-30 01:08:41 UTC (rev 203935)
@@ -1792,6 +1792,8 @@
45FEA5D0156DDE8C00654101 /* Decimal.h in Headers */ = {isa = PBXBuildFile; fileRef = 45FEA5CE156DDE8C00654101 /* Decimal.h */; settings = {ATTRIBUTES = (Private, ); }; };
460BB6151D0A1BF000221812 /* Base64Utilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 460BB6131D0A1BEC00221812 /* Base64Utilities.cpp */; };
460BB6161D0A1BF000221812 /* Base64Utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 460BB6141D0A1BEC00221812 /* Base64Utilities.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 460CBF351D4BCD0E0092E88E /* JSDOMWindowProperties.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 460CBF331D4BCCFE0092E88E /* JSDOMWindowProperties.cpp */; };
+ 460CBF361D4BCD0E0092E88E /* JSDOMWindowProperties.h in Headers */ = {isa = PBXBuildFile; fileRef = 460CBF341D4BCCFE0092E88E /* JSDOMWindowProperties.h */; };
4634592C1AC2271000ECB71C /* PowerObserverMac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4634592B1AC2271000ECB71C /* PowerObserverMac.cpp */; };
463EB6221B8789E00096ED51 /* TagCollection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 463EB6201B8789CB0096ED51 /* TagCollection.cpp */; };
463EB6231B8789E00096ED51 /* TagCollection.h in Headers */ = {isa = PBXBuildFile; fileRef = 463EB6211B8789CB0096ED51 /* TagCollection.h */; };
@@ -9424,6 +9426,8 @@
45FEA5CE156DDE8C00654101 /* Decimal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Decimal.h; sourceTree = "<group>"; };
460BB6131D0A1BEC00221812 /* Base64Utilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Base64Utilities.cpp; sourceTree = "<group>"; };
460BB6141D0A1BEC00221812 /* Base64Utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Base64Utilities.h; sourceTree = "<group>"; };
+ 460CBF331D4BCCFE0092E88E /* JSDOMWindowProperties.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSDOMWindowProperties.cpp; sourceTree = "<group>"; };
+ 460CBF341D4BCCFE0092E88E /* JSDOMWindowProperties.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDOMWindowProperties.h; sourceTree = "<group>"; };
4634592B1AC2271000ECB71C /* PowerObserverMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PowerObserverMac.cpp; sourceTree = "<group>"; };
463EB6201B8789CB0096ED51 /* TagCollection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagCollection.cpp; sourceTree = "<group>"; };
463EB6211B8789CB0096ED51 /* TagCollection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagCollection.h; sourceTree = "<group>"; };
@@ -17904,7 +17908,6 @@
973DC63E145A9409002842C2 /* ExceptionCodeDescription.h */,
9767CE09145ABC12005E64DB /* ExceptionHeaders.h */,
9767CE0A145ABC13005E64DB /* ExceptionInterfaces.h */,
- 9908B0FD1BCAD07D00ED0F45 /* FetchInternalsBuiltins.cpp */,
9B03D8061BB3110D00B764B9 /* FetchInternalsBuiltins.h */,
A17C81200F2A5CF7005DAAEB /* HTMLElementFactory.cpp */,
A17C81210F2A5CF7005DAAEB /* HTMLElementFactory.h */,
@@ -22571,6 +22574,8 @@
E172AF8E1811BC3700FBADB9 /* JSDOMPromise.h */,
BC6932710D7E293900AE44D1 /* JSDOMWindowBase.cpp */,
BC6932720D7E293900AE44D1 /* JSDOMWindowBase.h */,
+ 460CBF331D4BCCFE0092E88E /* JSDOMWindowProperties.cpp */,
+ 460CBF341D4BCCFE0092E88E /* JSDOMWindowProperties.h */,
BCBFB53A0DCD29CF0019B3E5 /* JSDOMWindowShell.cpp */,
BCBFB53B0DCD29CF0019B3E5 /* JSDOMWindowShell.h */,
65E0E9431133C89F00B4CB10 /* JSDOMWrapper.h */,
@@ -27031,6 +27036,7 @@
E44614170CD6826900FADA75 /* JSHTMLVideoElement.h in Headers */,
81BE20D311F4BC3200915DFA /* JSIDBCursor.h in Headers */,
C585A68311D4FB08004C3E4B /* JSIDBDatabase.h in Headers */,
+ 460CBF361D4BCD0E0092E88E /* JSDOMWindowProperties.h in Headers */,
C585A69711D4FB13004C3E4B /* JSIDBFactory.h in Headers */,
C572EE1F1201C9BC007D8F82 /* JSIDBIndex.h in Headers */,
C585A68D11D4FB08004C3E4B /* JSIDBKeyRange.h in Headers */,
@@ -29841,6 +29847,7 @@
14947FFD12F80CD200A0F631 /* DocumentOrderedMap.cpp in Sources */,
A8C2280E11D4A59700D5A7D3 /* DocumentParser.cpp in Sources */,
4A4F48A916B0DFC000EDBB29 /* DocumentRuleSets.cpp in Sources */,
+ 460CBF351D4BCD0E0092E88E /* JSDOMWindowProperties.cpp in Sources */,
AD6E71AC1668899D00320C13 /* DocumentSharedObjectPool.cpp in Sources */,
0B9056190F2578BE0095FF6A /* DocumentThreadableLoader.cpp in Sources */,
1221E04A1BFC3D2C006A1A00 /* DocumentTimeline.cpp in Sources */,
Modified: trunk/Source/WebCore/bindings/js/JSBindingsAllInOne.cpp (203934 => 203935)
--- trunk/Source/WebCore/bindings/js/JSBindingsAllInOne.cpp 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/bindings/js/JSBindingsAllInOne.cpp 2016-07-30 01:08:41 UTC (rev 203935)
@@ -62,6 +62,7 @@
#include "JSDOMStringMapCustom.cpp"
#include "JSDOMWindowBase.cpp"
#include "JSDOMWindowCustom.cpp"
+#include "JSDOMWindowProperties.cpp"
#include "JSDOMWindowShell.cpp"
#include "JSDOMWrapper.cpp"
#include "JSDataCueCustom.cpp"
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (203934 => 203935)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-07-30 01:08:41 UTC (rev 203935)
@@ -146,18 +146,6 @@
return true;
}
- // Do prototype lookup early so that functions and attributes in the prototype can have
- // precedence over the index and name getters.
- // FIXME: This seems like a silly idea. It only serves to suppress named property access
- // to frames that happen to have names corresponding to properties on the prototype.
- // This seems to only serve to leak some information cross-origin.
- JSValue proto = thisObject->getPrototypeDirect();
- if (proto.isObject() && asObject(proto)->getPropertySlot(exec, propertyName, slot)) {
- thisObject->printErrorMessage(errorMessage);
- slot.setUndefined();
- return true;
- }
-
// Check for child frames by name before built-in properties to match Mozilla. This does
// not match IE, but some sites end up naming frames things that conflict with window
// properties that are in Moz but not IE. Since we have some of these, we have to do it
@@ -172,45 +160,6 @@
return true;
}
-static bool jsDOMWindowGetOwnPropertySlotNamedItemGetter(JSDOMWindow* thisObject, Frame& frame, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
-{
- JSValue proto = thisObject->getPrototypeDirect();
- if (proto.isObject() && asObject(proto)->hasProperty(exec, propertyName))
- return false;
-
- // Check for child frames by name before built-in properties to match Mozilla. This does
- // not match IE, but some sites end up naming frames things that conflict with window
- // properties that are in Moz but not IE. Since we have some of these, we have to do it
- // the Moz way.
- if (auto* scopedChild = frame.tree().scopedChild(propertyNameToAtomicString(propertyName))) {
- slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, toJS(exec, scopedChild->document()->domWindow()));
- return true;
- }
-
- // FIXME: Search the whole frame hierarchy somewhere around here.
- // We need to test the correct priority order.
-
- // Allow shortcuts like 'Image1' instead of document.images.Image1
- Document* document = frame.document();
- if (is<HTMLDocument>(*document)) {
- auto& htmlDocument = downcast<HTMLDocument>(*document);
- auto* atomicPropertyName = propertyName.publicName();
- if (atomicPropertyName && htmlDocument.hasWindowNamedItem(*atomicPropertyName)) {
- JSValue namedItem;
- if (UNLIKELY(htmlDocument.windowNamedItemContainsMultipleElements(*atomicPropertyName))) {
- Ref<HTMLCollection> collection = document->windowNamedItems(atomicPropertyName);
- ASSERT(collection->length() > 1);
- namedItem = toJS(exec, thisObject->globalObject(), collection);
- } else
- namedItem = toJS(exec, thisObject->globalObject(), htmlDocument.windowNamedItem(*atomicPropertyName));
- slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, namedItem);
- return true;
- }
- }
-
- return false;
-}
-
// Property access sequence is:
// (1) indexed properties,
// (2) regular own properties,
@@ -254,9 +203,7 @@
}
#endif
- // (3) Finally, named properties.
- // Really, this should just be 'return false;' - these should all be on the NPO.
- return jsDOMWindowGetOwnPropertySlotNamedItemGetter(thisObject, *frame, exec, propertyName, slot);
+ return false;
}
// Property access sequence is:
@@ -284,12 +231,7 @@
return jsDOMWindowGetOwnPropertySlotRestrictedAccess(thisObject, frame, exec, Identifier::from(exec, index), slot, errorMessage);
// (2) Regular own properties.
- if (Base::getOwnPropertySlotByIndex(thisObject, exec, index, slot))
- return true;
-
- // (3) Finally, named properties.
- // Really, this should just be 'return false;' - these should all be on the NPO.
- return jsDOMWindowGetOwnPropertySlotNamedItemGetter(thisObject, *frame, exec, Identifier::from(exec, index), slot);
+ return Base::getOwnPropertySlotByIndex(thisObject, exec, index, slot);
}
bool JSDOMWindow::put(JSCell* cell, ExecState* exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
Added: trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp (0 => 203935)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp (rev 0)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.cpp 2016-07-30 01:08:41 UTC (rev 203935)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "JSDOMWindowProperties.h"
+
+#include "Frame.h"
+#include "HTMLDocument.h"
+#include "JSDOMBinding.h"
+#include "JSElement.h"
+#include "JSHTMLCollection.h"
+
+namespace WebCore {
+
+using namespace JSC;
+
+const ClassInfo JSDOMWindowProperties::s_info = { "WindowProperties", &Base::s_info, 0, CREATE_METHOD_TABLE(JSDOMWindowProperties) };
+
+static bool jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter(JSDOMWindowProperties* thisObject, Frame& frame, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
+{
+ // Check for child frames by name before built-in properties to match Mozilla. This does
+ // not match IE, but some sites end up naming frames things that conflict with window
+ // properties that are in Moz but not IE. Since we have some of these, we have to do it
+ // the Moz way.
+ if (auto* scopedChild = frame.tree().scopedChild(propertyNameToAtomicString(propertyName))) {
+ slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, toJS(exec, scopedChild->document()->domWindow()));
+ return true;
+ }
+
+ // FIXME: Search the whole frame hierarchy somewhere around here.
+ // We need to test the correct priority order.
+
+ // Allow shortcuts like 'Image1' instead of document.images.Image1
+ Document* document = frame.document();
+ if (is<HTMLDocument>(*document)) {
+ auto& htmlDocument = downcast<HTMLDocument>(*document);
+ auto* atomicPropertyName = propertyName.publicName();
+ if (atomicPropertyName && htmlDocument.hasWindowNamedItem(*atomicPropertyName)) {
+ JSValue namedItem;
+ if (UNLIKELY(htmlDocument.windowNamedItemContainsMultipleElements(*atomicPropertyName))) {
+ Ref<HTMLCollection> collection = document->windowNamedItems(atomicPropertyName);
+ ASSERT(collection->length() > 1);
+ namedItem = toJS(exec, thisObject->globalObject(), collection);
+ } else
+ namedItem = toJS(exec, thisObject->globalObject(), htmlDocument.windowNamedItem(*atomicPropertyName));
+ slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, namedItem);
+ return true;
+ }
+ }
+
+ return false;
+}
+
+bool JSDOMWindowProperties::getOwnPropertySlot(JSObject* object, ExecState* state, PropertyName propertyName, PropertySlot& slot)
+{
+ auto* thisObject = jsCast<JSDOMWindowProperties*>(object);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ if (Base::getOwnPropertySlot(thisObject, state, propertyName, slot))
+ return true;
+ JSValue proto = thisObject->getPrototypeDirect();
+ if (proto.isObject() && jsCast<JSObject*>(proto)->hasProperty(state, propertyName))
+ return false;
+
+ if (auto* frame = thisObject->m_window->frame())
+ return jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter(thisObject, *frame, state, propertyName, slot);
+
+ return false;
+}
+
+bool JSDOMWindowProperties::getOwnPropertySlotByIndex(JSObject* object, ExecState* state, unsigned index, PropertySlot& slot)
+{
+ return getOwnPropertySlot(object, state, Identifier::from(state, index), slot);
+}
+
+} // namespace WebCore
Added: trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h (0 => 203935)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h (rev 0)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowProperties.h 2016-07-30 01:08:41 UTC (rev 203935)
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "DOMWindow.h"
+#include "JSDOMWindow.h"
+#include "JSDOMWrapper.h"
+
+namespace WebCore {
+
+class JSDOMWindowProperties : public JSDOMObject {
+public:
+ static JSDOMWindowProperties* create(JSC::Structure* structure, JSDOMWindow& jsDOMWindow)
+ {
+ JSDOMWindowProperties* ptr = new (NotNull, JSC::allocateCell<JSDOMWindowProperties>(jsDOMWindow.vm().heap)) JSDOMWindowProperties(structure, jsDOMWindow);
+ ptr->finishCreation(jsDOMWindow.vm());
+ return ptr;
+ }
+
+ DECLARE_INFO;
+
+ static JSC::Structure* createStructure(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSC::JSValue prototype)
+ {
+ return JSC::Structure::create(vm, globalObject, prototype, JSC::TypeInfo(JSC::ObjectType, StructureFlags), info());
+ }
+
+ static bool getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&);
+ static bool getOwnPropertySlotByIndex(JSC::JSObject*, JSC::ExecState*, unsigned propertyName, JSC::PropertySlot&);
+
+ static const unsigned StructureFlags = JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | Base::StructureFlags;
+
+protected:
+ JSDOMWindowProperties(JSC::Structure* structure, JSDOMWindow& jsDOMWindow)
+ : JSDOMObject(structure, jsDOMWindow)
+ , m_window(jsDOMWindow.wrapped())
+ { }
+
+ Ref<DOMWindow> m_window;
+};
+
+} // namespace WebCore
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp (203934 => 203935)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp 2016-07-30 00:54:10 UTC (rev 203934)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp 2016-07-30 01:08:41 UTC (rev 203935)
@@ -32,6 +32,7 @@
#include "Frame.h"
#include "GCController.h"
#include "JSDOMWindow.h"
+#include "JSDOMWindowProperties.h"
#include "JSEventTarget.h"
#include "ScriptController.h"
#include <heap/StrongInlines.h>
@@ -85,7 +86,11 @@
Structure* structure = JSDOMWindow::createStructure(vm, 0, prototype.get());
JSDOMWindow* jsDOMWindow = JSDOMWindow::create(vm, structure, *domWindow, this);
prototype->structure()->setGlobalObject(vm, jsDOMWindow);
- prototype->structure()->setPrototypeWithoutTransition(vm, JSEventTarget::prototype(vm, jsDOMWindow));
+
+ Structure* windowPropertiesStructure = JSDOMWindowProperties::createStructure(vm, jsDOMWindow, JSEventTarget::prototype(vm, jsDOMWindow));
+ JSDOMWindowProperties* windowProperties = JSDOMWindowProperties::create(windowPropertiesStructure, *jsDOMWindow);
+
+ prototype->structure()->setPrototypeWithoutTransition(vm, windowProperties);
setWindow(vm, jsDOMWindow);
ASSERT(jsDOMWindow->globalObject() == jsDOMWindow);
ASSERT(prototype->globalObject() == jsDOMWindow);