Title: [227969] trunk
Revision
227969
Author
[email protected]
Date
2018-02-01 09:22:35 -0800 (Thu, 01 Feb 2018)

Log Message

Structured cloning a Symbol should throw
https://bugs.webkit.org/show_bug.cgi?id=182380

Reviewed by Darin Adler.

Source/WebCore:

Test: js/dom/post-message-symbol.html

* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
Structured cloning should throw "DataCloneError" DOMException if it finds Symbol.
Remove unused `isNumber()` case. It is done in dumpImmediate.
(WebCore::CloneSerializer::serializeUndefined): Deleted.
(WebCore::CloneSerializer::serializeBoolean): Deleted.
(WebCore::CloneSerializer::serializeNumber): Deleted.
Remove unused functions.

LayoutTests:

* js/dom/post-message-symbol-expected.txt: Added.
* js/dom/post-message-symbol.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (227968 => 227969)


--- trunk/LayoutTests/ChangeLog	2018-02-01 17:20:24 UTC (rev 227968)
+++ trunk/LayoutTests/ChangeLog	2018-02-01 17:22:35 UTC (rev 227969)
@@ -1,3 +1,13 @@
+2018-02-01  Yusuke Suzuki  <[email protected]>
+
+        Structured cloning a Symbol should throw
+        https://bugs.webkit.org/show_bug.cgi?id=182380
+
+        Reviewed by Darin Adler.
+
+        * js/dom/post-message-symbol-expected.txt: Added.
+        * js/dom/post-message-symbol.html: Added.
+
 2018-02-01  Antoine Quint  <[email protected]>
 
         [Modern Media Controls] Turn media/modern-media-controls/macos-fullscreen-media-controls back on

Added: trunk/LayoutTests/js/dom/post-message-symbol-expected.txt (0 => 227969)


--- trunk/LayoutTests/js/dom/post-message-symbol-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/js/dom/post-message-symbol-expected.txt	2018-02-01 17:22:35 UTC (rev 227969)
@@ -0,0 +1,3 @@
+
+PASS Tests that posting a message that contains Symbols fails. 
+

Added: trunk/LayoutTests/js/dom/post-message-symbol.html (0 => 227969)


--- trunk/LayoutTests/js/dom/post-message-symbol.html	                        (rev 0)
+++ trunk/LayoutTests/js/dom/post-message-symbol.html	2018-02-01 17:22:35 UTC (rev 227969)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src=""
+    <script src=""
+</head>
+<body>
+<script>
+test(() => {
+    assert_throws("DATA_CLONE_ERR", () => {
+        window.postMessage(Symbol("Cocoa"), "*");
+    });
+    assert_throws("DATA_CLONE_ERR", () => {
+        window.postMessage({0: Symbol("Cocoa")}, "*");
+    });
+    assert_throws("DATA_CLONE_ERR", () => {
+        window.postMessage({hello: Symbol("Cocoa")}, "*");
+    });
+    assert_throws("DATA_CLONE_ERR", () => {
+        window.postMessage([Symbol("Cocoa")], "*");
+    });
+}, "Tests that posting a message that contains Symbols fails.");
+</script>
+</body>
+</html>
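Review bot: The test places a Symbol only at the top level and one level deep in a plain object or array, so containers that are serialized through other paths are not pinned down. If Map and Set entries and nested objects reach the same terminal check (the serializer code is not in this file, so this is an assumption), cases such as `window.postMessage(new Map([["k", Symbol("Cocoa")]]), "*")` and `window.postMessage({a: {b: Symbol("Cocoa")}}, "*")` would confirm that they also raise DataCloneError. A Symbol-keyed property such as `{[Symbol("Cocoa")]: 1}` deserves an explicit expectation too: the structured clone algorithm skips non-string keys rather than throwing, and a test that states this keeps the two behaviours from being confused later.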

Modified: trunk/Source/WebCore/ChangeLog (227968 => 227969)


--- trunk/Source/WebCore/ChangeLog	2018-02-01 17:20:24 UTC (rev 227968)
+++ trunk/Source/WebCore/ChangeLog	2018-02-01 17:22:35 UTC (rev 227969)
@@ -1,3 +1,21 @@
+2018-02-01  Yusuke Suzuki  <[email protected]>
+
+        Structured cloning a Symbol should throw
+        https://bugs.webkit.org/show_bug.cgi?id=182380
+
+        Reviewed by Darin Adler.
+
+        Test: js/dom/post-message-symbol.html
+
+        * bindings/js/SerializedScriptValue.cpp:
+        (WebCore::CloneSerializer::dumpIfTerminal):
+        Structured cloning should throw "DataCloneError" DOMException if it finds Symbol.
+        Remove unused `isNumber()` case. It is done in dumpImmediate.
+        (WebCore::CloneSerializer::serializeUndefined): Deleted.
+        (WebCore::CloneSerializer::serializeBoolean): Deleted.
+        (WebCore::CloneSerializer::serializeNumber): Deleted.
+        Remove unused functions.
+
 2018-02-01  Chris Dumez  <[email protected]>
 
         We no longer need to queue service worker jobs until the connection to the service worker process has been established

Modified: trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp (227968 => 227969)


--- trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2018-02-01 17:20:24 UTC (rev 227968)
+++ trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp	2018-02-01 17:22:35 UTC (rev 227969)
@@ -561,30 +561,6 @@
         return writeLittleEndian(out, string.characters16(), string.length());
     }
 
-    static void serializeUndefined(Vector<uint8_t>& out)
-    {
-        writeLittleEndian(out, CurrentVersion);
-        writeLittleEndian<uint8_t>(out, UndefinedTag);
-    }
-
-    static void serializeBoolean(bool value, Vector<uint8_t>& out)
-    {
-        writeLittleEndian(out, CurrentVersion);
-        writeLittleEndian<uint8_t>(out, value ? TrueTag : FalseTag);
-    }
-
-    static void serializeNumber(double value, Vector<uint8_t>& out)
-    {
-        writeLittleEndian(out, CurrentVersion);
-        writeLittleEndian<uint8_t>(out, DoubleTag);
-        union {
-            double d;
-            int64_t i;
-        } u;
-        u.d = value;
-        writeLittleEndian(out, u.i);
-    }
-
 private:
     typedef HashMap<JSObject*, uint32_t> ObjectPool;
 
@@ -903,6 +879,7 @@
             dumpImmediate(value);
             return true;
         }
+        ASSERT(value.isCell());
 
         if (value.isString()) {
             dumpString(asString(value)->value(m_exec));
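Review bot: `ASSERT(value.isCell())` documents the invariant but does not enforce it, since WebKit's plain ASSERT is normally compiled out of release builds. Dropping the `isNumber()` branch in the next hunk is safe only if the guard above this line, whose condition is outside the hunk, catches every non-cell value. A comment next to the assertion would make that dependency visible, for example `// From here on value is a heap cell; immediates, including numbers, were already written by dumpImmediate above.` If the invariant is meant to protect the cell-typed accessors that follow, consider whether a release-mode assertion is warranted.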
@@ -909,9 +886,8 @@
             return true;
         }
 
-        if (value.isNumber()) {
-            write(DoubleTag);
-            write(value.asNumber());
+        if (value.isSymbol()) {
+            code = SerializationReturnCode::DataCloneError;
             return true;
         }
 
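Review bot: The new `isSymbol()` branch carries no comment explaining why a Symbol is a hard failure, and it reports the failure only by assigning `code` before returning `true`. I would add `// Symbols are not serializable under the HTML structured clone algorithm; report DataCloneError instead of falling through to the object paths below.` above the branch. Script sees the exception only if every caller of dumpIfTerminal inspects `code` after a `true` return; those callers, and the start and end of this function, are outside the hunk, so that is worth confirming in review.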