ur... I still can not get it. In the following modification, I changed object x by scripts.
*Modification Three:* TEST(EvalInAccessCheckedContext) { v8::Isolate* isolate = CcTest::isolate(); v8::HandleScope scope(isolate); v8::Local<v8::ObjectTemplate> obj_template = v8::ObjectTemplate::New(isolate); //obj_template->SetAccessCheckCallback(AccessAlwaysAllowed); v8::Local<Context> context0 = Context::New(isolate, NULL, obj_template); v8::Local<Context> context1 = Context::New(isolate, NULL, obj_template); Local<Value> foo = v8_str("foo"); Local<Value> bar = v8_str("bar"); // Set to different domains. context0->SetSecurityToken(foo); context1->SetSecurityToken(bar); // Set up function in context0 that uses eval from context0. context0->Enter(); v8::Local<v8::Value> fun = CompileRun( "var x = {a:42};" "(function() {" " var e = eval;" " return function(s) { return x; }" "})()"); context0->Exit(); // Put the function into context1 and call it. Since the access check // callback always returns true, the call succeeds even though the tokens // are different. context1->Enter(); context1->Global()->Set(context1, v8_str("fun"), fun).FromJust(); v8::Local<v8::Value> x_value = CompileRun("var c = fun('x'); c.a = 43; c.b = 45;"); //change x object by scripts CHECK_EQ(45, x_value->Int32Value(context1).FromJust()); context1->Exit(); context0->Enter(); x_value = CompileRun("x.a"); CHECK_EQ(43, x_value->Int32Value(context0).FromJust()); // change is allowed x_value = CompileRun("x.b"); CHECK_EQ(45, x_value->Int32Value(context0).FromJust()); // change is allowed context0->Exit(); } *Modification Four :* TEST(EvalInAccessCheckedContext) { v8::Isolate* isolate = CcTest::isolate(); v8::HandleScope scope(isolate); v8::Local<v8::ObjectTemplate> obj_template = v8::ObjectTemplate::New(isolate); //obj_template->SetAccessCheckCallback(AccessAlwaysAllowed); v8::Local<Context> context0 = Context::New(isolate, NULL, obj_template); v8::Local<Context> context1 = Context::New(isolate, NULL, obj_template); Local<Value> foo = v8_str("foo"); Local<Value> bar = v8_str("bar"); // Set to different domains. context0->SetSecurityToken(foo); context1->SetSecurityToken(bar); // Set up function in context0 that uses eval from context0. context0->Enter(); v8::Local<v8::Value> fun = CompileRun( "var x = 42;" "var y = function() {return x;};" // y is a function which is set up in context0. "(function() {" //" var e = eval;" // this line will fail test " var e = y;" // this line will pass test " return function(s) { return e(s); }" "})()"); context0->Exit(); // Put the function into context1 and call it. Since the access check // callback always returns true, the call succeeds even though the tokens // are different. context1->Enter(); context1->Global()->Set(context1, v8_str("fun"), fun).FromJust(); v8::Local<v8::Value> x_value = CompileRun("fun('x');"); CHECK_EQ(42, x_value->Int32Value(context1).FromJust()); context1->Exit(); } I also find another test case. In the test case, all operations are write by c++ code, and SetSecurityToken can control access. *Another test case: * THREADED_TEST(MultiContexts) { v8::Isolate* isolate = CcTest::isolate(); v8::HandleScope scope(isolate); v8::Local<ObjectTemplate> templ = ObjectTemplate::New(isolate); templ->Set(v8_str("dummy"), v8::FunctionTemplate::New(isolate, DummyCallHandler)); Local<String> password = v8_str("Password"); Local<String> password2 = v8_str("Password2"); // another token // Create an environment LocalContext context0(0, templ); context0->SetSecurityToken(password); v8::Local<v8::Object> global0 = context0->Global(); CHECK(global0->Set(context0.local(), v8_str("custom"), v8_num(1234)) .FromJust()); CHECK_EQ(1234, global0->Get(context0.local(), v8_str("custom")) .ToLocalChecked() ->Int32Value(context0.local()) .FromJust()); // Create an independent environment LocalContext context1(0, templ); context1->SetSecurityToken(password2);// set another token v8::Local<v8::Object> global1 = context1->Global(); CHECK(global1->Set(context1.local(), v8_str("custom"), v8_num(1234)) .FromJust()); CHECK(!global0->Equals(context1.local(), global1).FromJust()); CHECK_EQ(1234, global0->Get(context1.local(), v8_str("custom")) // this line will fail if tokens are not matched .ToLocalChecked() ->Int32Value(context0.local()) .FromJust()); //skip some codes below ... } 在 2018年5月30日星期三 UTC+8下午6:51:34,Ben Noordhuis写道: > > On Wed, May 30, 2018 at 12:41 PM, <fengx...@gmail.com <javascript:>> > wrote: > > thanks. But in Modification Two, I changed object x 's property a in a > > different context successfully. is this fulfilled "Access checks are > invoked > > when trying to access objects" condition? > > Access checks are for sandboxing untrusted JS code, they don't apply > to C++ code. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.