On 2015/07/09 17:17:25, adamk wrote:
I think I'm liking my "minimal" suggestion less now, since it could cause us to
throw exceptions in new places if there are access-checked objects on the
prototype chain (still rare, but that makes another case).

So the approach here does seem attractive to me, will see if I can think of a
good name that's still short for GetPropertyOrFallback.

https://codereview.chromium.org/1230793002/diff/40001/test/cctest/test-api.cc
File test/cctest/test-api.cc (right):


https://codereview.chromium.org/1230793002/diff/40001/test/cctest/test-api.cc#newcode21910
test/cctest/test-api.cc:21910: Local<Value> result2 =
CompileRun("[].concat([global, global], protected)");
On 2015/07/09 at 16:02:09, caitp wrote:
> On 2015/07/09 15:56:04, adamk wrote:
> > On 2015/07/09 at 14:49:41, caitp wrote:
> > > This is probably not doing what I want it to do
> > >
> > > I would like context 1 to attempt to pass an array from context 2 to
> > > ArrayConcat() --- and the spreading should occur because the value is an
> > > Array, and regardless of whether @@isConcatSpreadable is set to undefined
> > > or not.
> > >
> > > The API is sort of confusing so I'm not totally sure how to simulate that.
> >
> > Is the idea just to check that the check is doing IsJSArray() instead of
> > instanceof? That seems like a separate concern from the security check test
> > case going on here.
>
> Per spec, if @@isConcatSpreadable is undefined, but the value is an exotic
> Array object (or a real subclass), the value is always spread --- so EG, a
> cross-origin Elements object would be spread due to subclassing Array.
>
> So I just want to also assert that, even though the @@isConcatSpreadable
> value is ignored, it will still perform the spread for a cross-origin exotic
> Array object

I see what you're aiming for, but Arrays are never access checked (and at the
moment I don't believe there's any way to create an Array subclass that is
access checked). That's why it seems like a separate concern, test-wise. The V8
model is sadly brittle, but what it attempts to do is disallow
non-access-checked objects from ever being shared across origins by cutting off
access at the access-checking boundary (either the Window or Location objects).

Fair enough, then the whole "result2" thing seems kind of pointless, the rest
should be okay?

https://codereview.chromium.org/1230793002/

--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev