Changeset 205205 in webkit
- Timestamp:
- Aug 30, 2016 3:49:45 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r205203 r205205 1 2016-08-30 Chris Dumez <cdumez@apple.com> 2 3 Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object 4 https://bugs.webkit.org/show_bug.cgi?id=161396 5 6 Reviewed by Ryosuke Niwa. 7 8 Update / rebaseline existing test to reflect behavior change. 9 10 * http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt: 11 * http/tests/security/cross-frame-access-object-setPrototypeOf.html: 12 1 13 2016-08-30 Jiewen Tan <jiewen_tan@apple.com> 2 14 -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt
r205037 r205205 1 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 This tests that you can't set the prototype of the window or history objects cross-origin using Object.setPrototypeOf(). 1 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 This tests that you can't set the prototype of the window or location objects cross-origin using Object.setPrototypeOf() 4 5 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". 6 3 7 4 8 PASS: targetWindow instanceof Array should be 'false' and is. 9 PASS Object.setPrototypeOf(targetWindow, Array.prototype) threw exception TypeError: Permission denied. 5 10 PASS: targetWindow instanceof Array should be 'false' and is. 11 PASS: targetWindow.location instanceof Array should be 'false' and is. 12 PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Permission denied. 13 PASS: targetWindow.location instanceof Array should be 'false' and is. 14 PASS: successfullyParsed should be 'true' and is. 6 15 16 TEST COMPLETE 17 18 -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html
r205037 r205205 1 1 <html> 2 2 <head> 3 <script src="/js-test-resources/js-test-pre.js"></script> 3 4 <script src="resources/cross-frame-access.js"></script> 4 5 <script> 5 if (window.testRunner) { 6 testRunner.dumpAsText(); 7 testRunner.waitUntilDone(); 8 } 6 description("This tests that you can't set the prototype of the window or location objects cross-origin using Object.setPrototypeOf()"); 7 jsTestIsAsync = true; 9 8 10 9 // Set up listener for message from iframe … … 19 18 20 19 shouldBeFalse("targetWindow instanceof Array"); 21 22 Object.setPrototypeOf(targetWindow, Array.prototype); 23 20 shouldThrowErrorName("Object.setPrototypeOf(targetWindow, Array.prototype)", "TypeError"); 24 21 shouldBeFalse("targetWindow instanceof Array"); 25 22 26 if (window.testRunner) 27 testRunner.notifyDone(); 23 shouldBeFalse("targetWindow.location instanceof Array"); 24 shouldThrowErrorName("Object.setPrototypeOf(targetWindow.location, Array.prototype)", "TypeError"); 25 shouldBeFalse("targetWindow.location instanceof Array"); 26 27 finishJSTest(); 28 28 } 29 29 </script> 30 30 </head> 31 31 <body> 32 <div>This tests that you can't set the prototype of the window or history objects cross-origin using Object.setPrototypeOf().</div>33 32 <iframe id="target" src="http://localhost:8000/security/resources/cross-frame-iframe-for-object-setPrototypeOf-test.html"></iframe> 34 33 <pre id="console"></pre> 34 <script src="/js-test-resources/js-test-post.js"></script> 35 35 </body> 36 36 </html> -
trunk/Source/JavaScriptCore/ChangeLog
r205204 r205205 1 2016-08-30 Chris Dumez <cdumez@apple.com> 2 3 Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object 4 https://bugs.webkit.org/show_bug.cgi?id=161396 5 6 Reviewed by Ryosuke Niwa. 7 8 Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object: 9 - https://html.spec.whatwg.org/#windowproxy-setprototypeof 10 - https://html.spec.whatwg.org/#location-setprototypeof 11 - https://tc39.github.io/ecma262/#sec-object.setprototypeof (step 5) 12 13 Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message. 14 15 Note that technically, we should also throw in the same origin case. 16 However, not all browsers agree on this yet so I haven't not changed 17 the behavior for the same origin case. 18 19 * runtime/ObjectConstructor.cpp: 20 (JSC::objectConstructorSetPrototypeOf): 21 1 22 2016-08-30 Benjamin Poulain <bpoulain@apple.com> 2 23 -
trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp
r205198 r205205 233 233 return JSValue::encode(objectValue); 234 234 235 if (!checkProtoSetterAccessAllowed(exec, object)) 235 if (!checkProtoSetterAccessAllowed(exec, object)) { 236 throwTypeError(exec, ASCIILiteral("Permission denied")); 236 237 return JSValue::encode(objectValue); 238 } 237 239 238 240 bool shouldThrowIfCantSet = true;
Note: See TracChangeset
for help on using the changeset viewer.