Title: [95028] trunk
- Revision: 95028
- Author: wei...@apple.com
- Date: 2011-09-13 09:01:38 -0700 (Tue, 13 Sep 2011)
Log Message
Object.getPrototypeOf should use JSValue::get()
https://bugs.webkit.org/show_bug.cgi?id=67973
Reviewed by Darin Adler.
Source/JavaScriptCore:
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetPrototypeOf):
Pipe through JSValue::get() to allow overrides.
LayoutTests:
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt: Added.
* http/tests/security/cross-frame-access-object-getPrototypeOf.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (95027 => 95028)
--- trunk/LayoutTests/ChangeLog 2011-09-13 15:32:51 UTC (rev 95027)
+++ trunk/LayoutTests/ChangeLog 2011-09-13 16:01:38 UTC (rev 95028)
@@ -1,3 +1,14 @@
+2011-09-12 Sam Weinig <s...@webkit.org>
+
+ Object.getPrototypeOf should use JSValue::get()
+ https://bugs.webkit.org/show_bug.cgi?id=67973
+
+ Reviewed by Darin Adler.
+
+ * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt: Added.
+ * http/tests/security/cross-frame-access-object-getPrototypeOf.html: Added.
+ * http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html: Added.
+
2011-09-13 Fumitoshi Ukai <u...@chromium.org>
Unreviewed, update chromium test expectations
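Review bot: The entry date on the first added line reads 2011-09-12, but the revision header for this file shows 2011-09-13 and the JavaScriptCore ChangeLog entry in the same commit is dated 2011-09-13. Align the two dates so the entries can be matched up when reading the logs side by side. The entry also lists the three new files without saying what they check; one line noting that they cover cross-origin Object.getPrototypeOf() on window and history would help.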
Added: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (0 => 95028)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt 2011-09-13 16:01:38 UTC (rev 95028)
@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 1: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-object-getPrototypeOf.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-object-getPrototypeOf.html. Domains, protocols and ports must match.
+
+This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().
+
+PASS: Object.getPrototypeOf(targetWindow) should be 'undefined' and is.
+PASS: Object.getPrototypeOf(targetWindow.history) should be 'undefined' and is.
+
Added: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (0 => 95028)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html 2011-09-13 16:01:38 UTC (rev 95028)
@@ -0,0 +1,34 @@
+<html>
+<head>
+ <script src=""
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ // Set up listener for message from iframe
+ addEventListener('message', function(event) {
+ if (event.data == "finishedLoad")
+ doTest();
+ }, false);
+
+
+ doTest = function()
+ {
+ targetWindow = document.getElementById("target").contentWindow;
+
+ shouldBeUndefined("Object.getPrototypeOf(targetWindow)");
+ shouldBeUndefined("Object.getPrototypeOf(targetWindow.history)");
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ </script>
+</head>
+<body>
+ <div>This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().</div>
+ <iframe id="target" src=""
+ <pre id="console"></pre>
+</body>
+</html>
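Review bot: Coverage in doTest() is limited to the two shouldBeUndefined() calls on targetWindow and targetWindow.history, and there is no control case showing that Object.getPrototypeOf() still returns the real prototype where access is allowed. Since the fix changes how every call resolves the prototype, add a same-origin assertion (for example on a plain object or the test's own window) so a regression that returns undefined everywhere would not pass. If targetWindow.location is meant to be protected by the same override, assert it here too. Separately, the message listener acts on any "finishedLoad" message without checking event.source against the iframe's contentWindow; that is harmless in the harness but cheap to tighten.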
Added: trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html (0 => 95028)
--- trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-test.html 2011-09-13 16:01:38 UTC (rev 95028)
@@ -0,0 +1,13 @@
+<html>
+<head>
+ <script>
+ _onload_ = function()
+ {
+ parent.postMessage("finishedLoad", "*");
+ }
+ </script>
+</head>
+<body>
+ Body
+</body>
+</html>
Modified: trunk/Source/_javascript_Core/ChangeLog (95027 => 95028)
--- trunk/Source/_javascript_Core/ChangeLog 2011-09-13 15:32:51 UTC (rev 95027)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-09-13 16:01:38 UTC (rev 95028)
@@ -1,3 +1,14 @@
+2011-09-13 Sam Weinig <s...@webkit.org>
+
+ Object.getPrototypeOf should use JSValue::get()
+ https://bugs.webkit.org/show_bug.cgi?id=67973
+
+ Reviewed by Darin Adler.
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::objectConstructorGetPrototypeOf):
+ Pipe through JSValue::get() to allow overrides.
+
2011-09-12 Filip Pizlo <fpi...@apple.com>
_javascript_Core does not have baseline->speculative OSR
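Review bot: The description "Pipe through JSValue::get() to allow overrides." does not say which overrides or why they matter. The code comment in ObjectConstructor.cpp names the actual motivation (returning jsUndefined() for cross-origin access), and the new tests live under http/tests/security. Say so here, so that someone scanning the ChangeLog can tell this closes a cross-origin prototype exposure rather than being a refactoring.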
Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp (95027 => 95028)
--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2011-09-13 15:32:51 UTC (rev 95027)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2011-09-13 16:01:38 UTC (rev 95028)
@@ -137,7 +137,11 @@
{
if (!exec->argument(0).isObject())
return throwVMError(exec, createTypeError(exec, "Requested prototype of a value that is not an object."));
- return JSValue::encode(asObject(exec->argument(0))->prototype());
+
+ // This uses JSValue::get() instead of directly accessing the prototype from the object
+ // (using JSObject::prototype()) in order to allow objects to override the behavior, such
+ // as returning jsUndefined() for cross-origin access.
+ return JSValue::encode(exec->argument(0).get(exec, exec->propertyNames().underscoreProto));
}
EncodedJSValue JSC_HOST_CALL objectConstructorGetOwnPropertyDescriptor(ExecState* exec)
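Review bot: The new return statement makes the result of Object.getPrototypeOf() depend on whatever a lookup of propertyNames().underscoreProto yields, instead of on the object's internal prototype slot. That gives cross-origin wrappers the hook they need, but it also means any class that customizes property lookup for unrelated reasons now changes what this function returns. Please confirm that no object can answer this lookup with a value other than its prototype or jsUndefined(), for example through a script-defined own property named __proto__ or a host object with a catch-all named getter. Extend the added comment to state that dependency. A test asserting that Object.getPrototypeOf(o) is unchanged for ordinary same-origin objects would lock the behaviour in.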
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes