Diff
Modified: trunk/LayoutTests/ChangeLog (211599 => 211600)
--- trunk/LayoutTests/ChangeLog 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/LayoutTests/ChangeLog 2017-02-02 23:18:34 UTC (rev 211600)
@@ -1,3 +1,15 @@
+2017-02-02 Chris Dumez <cdu...@apple.com>
+
+ {}.toString.call(crossOriginWindow) should return "[object Object]"
+ https://bugs.webkit.org/show_bug.cgi?id=167701
+ <rdar://problem/30330797>
+
+ Reviewed by Keith Miller.
+
+ Rebaselined existing test now that more checks are passing.
+
+ * http/tests/security/symbols-cross-origin-expected.txt:
+
2017-02-02 Ryan Haddad <ryanhad...@apple.com>
Mark inspector/debugger/breakpoint-scope.html as flaky on macOS debug.
Modified: trunk/LayoutTests/http/tests/security/symbols-cross-origin-expected.txt (211599 => 211600)
--- trunk/LayoutTests/http/tests/security/symbols-cross-origin-expected.txt 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/LayoutTests/http/tests/security/symbols-cross-origin-expected.txt 2017-02-02 23:18:34 UTC (rev 211600)
@@ -4,7 +4,7 @@
* Window
-FAIL (new Object).toString.call(crossOriginWindow) should be [object Object]. Was [object Window].
+PASS (new Object).toString.call(crossOriginWindow) is "[object Object]"
PASS crossOriginWindow instanceof Window is false
PASS Array.prototype.concat.call(crossOriginWindow, ['A']) is [crossOriginWindow, 'A']
PASS crossOriginWindow.toString() threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
@@ -12,7 +12,7 @@
PASS crossOriginWindow.concat(['A']) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
* Location
-FAIL (new Object).toString.call(crossOriginWindow.location) should be [object Object]. Was [object Location].
+PASS (new Object).toString.call(crossOriginWindow.location) is "[object Object]"
PASS crossOriginWindow.location instanceof Location is false
PASS Array.prototype.concat.call(crossOriginWindow.location, ['A']) is [crossOriginWindow.location, 'A']
PASS crossOriginWindow.location.toString() threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
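Review bot: the rebaselined Location expectations in this hunk assert only the cross-origin result, so nothing visible here pins the branch that is still allowed to see the real class name. Consider adding same-origin checks next to these, for example that (new Object).toString.call(window.location) is "[object Location]" and the Window equivalent is "[object Window]", so a later change that returns "Object" unconditionally, or "Location" unconditionally, fails this test rather than passing silently.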
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (211599 => 211600)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-02-02 23:18:34 UTC (rev 211600)
@@ -1,3 +1,15 @@
+2017-02-02 Chris Dumez <cdu...@apple.com>
+
+ {}.toString.call(crossOriginWindow) should return "[object Object]"
+ https://bugs.webkit.org/show_bug.cgi?id=167701
+ <rdar://problem/30330797>
+
+ Reviewed by Keith Miller.
+
+ Rebaseline W3C test now that one more check is passing.
+
+ * web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:
+
2017-02-01 Chris Dumez <cdu...@apple.com>
REGRESSION(r205136): {}.toString.call(crossOriginWindow) should not throw
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt (211599 => 211600)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt 2017-02-02 23:18:34 UTC (rev 211600)
@@ -21,5 +21,5 @@
PASS Same-origin observers get different functions for cross-origin objects
PASS Same-origin observers get different accessors for cross-origin Window
PASS Same-origin observers get different accessors for cross-origin Location
-FAIL {}.toString.call() does the right thing on cross-origin objects assert_equals: expected "[object Object]" but got "[object Window]"
+PASS {}.toString.call() does the right thing on cross-origin objects
Modified: trunk/Source/_javascript_Core/ChangeLog (211599 => 211600)
--- trunk/Source/_javascript_Core/ChangeLog 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-02-02 23:18:34 UTC (rev 211600)
@@ -1,3 +1,18 @@
+2017-02-02 Chris Dumez <cdu...@apple.com>
+
+ {}.toString.call(crossOriginWindow) should return "[object Object]"
+ https://bugs.webkit.org/show_bug.cgi?id=167701
+ <rdar://problem/30330797>
+
+ Reviewed by Keith Miller.
+
+ Have JSProxy forward toStringName calls to its target so Window
+ can override it.
+
+ * runtime/JSProxy.cpp:
+ (JSC::JSProxy::toStringName):
+ * runtime/JSProxy.h:
+
2017-02-02 Commit Queue <commit-qu...@webkit.org>
Unreviewed, rolling out r211571 and r211582.
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.cpp (211599 => 211600)
--- trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.cpp 2017-02-02 23:18:34 UTC (rev 211600)
@@ -67,6 +67,12 @@
return thisObject->target()->methodTable()->className(thisObject->target());
}
+String JSProxy::toStringName(const JSObject* object, ExecState* exec)
+{
+ const JSProxy* thisObject = jsCast<const JSProxy*>(object);
+ return thisObject->target()->methodTable(exec->vm())->toStringName(thisObject->target(), exec);
+}
+
bool JSProxy::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
{
JSProxy* thisObject = jsCast<JSProxy*>(object);
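Review bot: className() directly above the new function still forwards to the target and takes no ExecState, so it cannot make the origin decision that toStringName() now delegates to the target. A short comment on className() saying it is not origin-aware, and that any name exposed to script should go through toStringName(), would keep a later caller from bringing back the "[object Window]" result for cross-origin callers. Separately, the new function calls methodTable(exec->vm()) while className() calls methodTable() with no argument; use one form in both.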
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.h (211599 => 211600)
--- trunk/Source/_javascript_Core/runtime/JSProxy.h 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.h 2017-02-02 23:18:34 UTC (rev 211600)
@@ -81,6 +81,7 @@
JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
JS_EXPORT_PRIVATE static String className(const JSObject*);
+ JS_EXPORT_PRIVATE static String toStringName(const JSObject*, ExecState*);
JS_EXPORT_PRIVATE static bool getOwnPropertySlot(JSObject*, ExecState*, PropertyName, PropertySlot&);
JS_EXPORT_PRIVATE static bool getOwnPropertySlotByIndex(JSObject*, ExecState*, unsigned, PropertySlot&);
JS_EXPORT_PRIVATE static bool put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
Modified: trunk/Source/WebCore/ChangeLog (211599 => 211600)
--- trunk/Source/WebCore/ChangeLog 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/ChangeLog 2017-02-02 23:18:34 UTC (rev 211600)
@@ -1,3 +1,27 @@
+2017-02-02 Chris Dumez <cdu...@apple.com>
+
+ {}.toString.call(crossOriginWindow) should return "[object Object]"
+ https://bugs.webkit.org/show_bug.cgi?id=167701
+ <rdar://problem/30330797>
+
+ Reviewed by Keith Miller.
+
+ {}.toString.call() to should "[object Object] for cross origin
+ Window / Location objects. This new behavior is consistent with
+ Firefox and Chrome.
+
+ No new tests, rebaselined existing tests.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::toStringName):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::toStringName):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateHeader):
+ * bindings/scripts/IDLAttributes.txt:
+ * page/DOMWindow.idl:
+ * page/Location.idl:
+
2017-02-02 Wenson Hsieh <wenson_hs...@apple.com>
Drag images should be anchored to the mouse location
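Review bot: the description line `{}.toString.call() to should "[object Object] for cross origin` is missing its verb and the closing quote. Suggest rewording to `{}.toString.call() should return "[object Object]" for cross-origin Window / Location objects`, and adding one sentence on why (the real interface name is withheld from a caller that fails the origin check), since that is the part a reader of the log cannot recover from the file list.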
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (211599 => 211600)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-02-02 23:18:34 UTC (rev 211600)
@@ -380,6 +380,14 @@
return false;
}
+String JSDOMWindow::toStringName(const JSObject* object, ExecState* exec)
+{
+ auto* thisObject = jsCast<const JSDOMWindow*>(object);
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError))
+ return ASCIILiteral("Object");
+ return ASCIILiteral("Window");
+}
+
// Custom Attributes
void JSDOMWindow::setLocation(ExecState& state, JSValue value)
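Review bot: JSDOMWindow::toStringName() carries no comment explaining why a failed shouldAllowAccessToDOMWindow() check maps to "Object", or why DoNotReportSecurityError is passed. Without that, the early return reads like a fallback that could be simplified away. A one-line comment tying the branch to the cross-origin rule and to bug 167701 would help. The allowed branch also hard-codes "Window", which duplicates InterfaceName=Window in DOMWindow.idl; if the interface name is available here, deriving the string from it avoids the two drifting apart.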
Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (211599 => 211600)
--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-02-02 23:18:34 UTC (rev 211600)
@@ -180,6 +180,14 @@
return Base::preventExtensions(object, exec);
}
+String JSLocation::toStringName(const JSObject* object, ExecState* exec)
+{
+ auto* thisObject = jsCast<const JSLocation*>(object);
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), DoNotReportSecurityError))
+ return ASCIILiteral("Object");
+ return ASCIILiteral("Location");
+}
+
bool JSLocationPrototype::putDelegate(ExecState* exec, PropertyName propertyName, JSValue, PutPropertySlot&, bool& putResult)
{
putResult = false;
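Review bot: in JSLocation::toStringName(), thisObject->wrapped().frame() is passed straight into shouldAllowAccessToFrame() with no handling visible in this hunk for a Location whose frame has gone away. Please confirm the check fails closed in that case, so the function returns "Object" rather than "Location", or add an explicit null test before the call and a layout test that covers a detached frame.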
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (211599 => 211600)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-02-02 23:18:34 UTC (rev 211600)
@@ -1920,6 +1920,9 @@
push (@headerContent, " static JSC::JSValue getPrototype(JSC::JSObject*, JSC::ExecState*);\n") if $interface->extendedAttributes->{CustomGetPrototype};
push (@headerContent, " static bool setPrototype(JSC::JSObject*, JSC::ExecState*, JSC::JSValue, bool shouldThrowIfCantSet);\n") if $interface->extendedAttributes->{CustomSetPrototype};
+ # Custom toStringName function.
+ push (@headerContent, " static String toStringName(const JSC::JSObject*, JSC::ExecState*);\n") if $interface->extendedAttributes->{CustomToStringName};
+
# Custom preventExtensions function.
push(@headerContent, " static bool preventExtensions(JSC::JSObject*, JSC::ExecState*);\n") if $interface->extendedAttributes->{CustomPreventExtensions};
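Review bot: the CustomToStringName branch added to GenerateHeader comes with no bindings-generator test; the WebCore ChangeLog for this revision says "No new tests, rebaselined existing tests." Adding the attribute to one generator test interface would show the emitted `static String toStringName(const JSC::JSObject*, JSC::ExecState*);` declaration in the expected output and catch a later signature change. Minor style point: the added line uses `push (` while the preventExtensions line just below uses `push(`.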
Modified: trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt (211599 => 211600)
--- trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2017-02-02 23:18:34 UTC (rev 211600)
@@ -51,6 +51,7 @@
CustomSetPrototype
CustomSetter
CustomToJSObject
+CustomToStringName
DOMJIT=|ReadDOM|Getter
DoNotCheckConstants
DoNotCheckSecurity
Modified: trunk/Source/WebCore/page/DOMWindow.idl (211599 => 211600)
--- trunk/Source/WebCore/page/DOMWindow.idl 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/page/DOMWindow.idl 2017-02-02 23:18:34 UTC (rev 211600)
@@ -33,6 +33,7 @@
CustomPreventExtensions,
CustomProxyToJSObject,
CustomPutFunction,
+ CustomToStringName,
ExportMacro=WEBCORE_EXPORT,
ImplicitThis,
InterfaceName=Window,
Modified: trunk/Source/WebCore/page/Location.idl (211599 => 211600)
--- trunk/Source/WebCore/page/Location.idl 2017-02-02 23:15:31 UTC (rev 211599)
+++ trunk/Source/WebCore/page/Location.idl 2017-02-02 23:18:34 UTC (rev 211600)
@@ -34,6 +34,7 @@
CustomNamedSetter,
CustomPreventExtensions,
CustomSetPrototype,
+ CustomToStringName,
GenerateIsReachable=ImplFrame,
JSCustomDefineOwnProperty,
JSCustomDefineOwnPropertyOnPrototype,