Changeset 205297 in webkit
- Timestamp: Sep 1, 2016 10:48:25 AM (8 years ago)
- Location: trunk
- Files: 7 edited
trunk/LayoutTests/ChangeLog
r205296 r205297 1 2016-09-01 Chris Dumez <cdumez@apple.com> 2 3 Align cross-origin proto getter / setter behavior with the specification 4 https://bugs.webkit.org/show_bug.cgi?id=161455 5 6 Reviewed by Mark Lam. 7 8 Add layout test coverage. 9 10 * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt: 11 * http/tests/security/cross-frame-access-object-getPrototypeOf.html: 12 * http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt: 13 * http/tests/security/cross-frame-access-object-setPrototypeOf.html: 14 1 15 2016-09-01 Ryan Haddad <ryanhaddad@apple.com> 2 16 -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt
r205258 r205297 1 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 3 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 4 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. … … 5 7 PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is. 6 8 PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is. 9 PASS: protoGetter.call(targetWindow) should be 'null' and is. 10 PASS: protoGetter.call(targetWindow.location) should be 'null' and is. 7 11 PASS targetWindow.history threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 8 12 PASS: successfullyParsed should be 'true' and is. -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html
r205258 r205297 19 19 shouldBeNull("Object.getPrototypeOf(targetWindow)"); 20 20 shouldBeNull("Object.getPrototypeOf(targetWindow.location)"); 21 protoGetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get; 22 shouldBeNull("protoGetter.call(targetWindow)"); 23 shouldBeNull("protoGetter.call(targetWindow.location)"); 24 21 25 shouldThrowErrorName("targetWindow.history", "SecurityError"); 22 26 -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt
r205205 r205297 1 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 3 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 4 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. … … 12 14 PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Permission denied. 13 15 PASS: targetWindow.location instanceof Array should be 'false' and is. 16 PASS: targetWindow instanceof Array should be 'false' and is. 17 PASS protoSetter.call(targetWindow, Array.prototype) threw exception TypeError: Permission denied. 18 PASS: targetWindow instanceof Array should be 'false' and is. 19 PASS: targetWindow.location instanceof Array should be 'false' and is. 20 PASS protoSetter.call(targetWindow.location, Array.prototype) threw exception TypeError: Permission denied. 21 PASS: targetWindow.location instanceof Array should be 'false' and is. 14 22 PASS: successfullyParsed should be 'true' and is. 15 23 -
trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html
r205205 r205297 25 25 shouldBeFalse("targetWindow.location instanceof Array"); 26 26 27 protoSetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').set; 28 shouldBeFalse("targetWindow instanceof Array"); 29 shouldThrowErrorName("protoSetter.call(targetWindow, Array.prototype)", "TypeError"); 30 shouldBeFalse("targetWindow instanceof Array"); 31 32 shouldBeFalse("targetWindow.location instanceof Array"); 33 shouldThrowErrorName("protoSetter.call(targetWindow.location, Array.prototype)", "TypeError"); 34 shouldBeFalse("targetWindow.location instanceof Array"); 35 27 36 finishJSTest(); 28 37 } -
trunk/Source/JavaScriptCore/ChangeLog
r205285 r205297 1 2016-09-01 Chris Dumez <cdumez@apple.com> 2 3 Align cross-origin proto getter / setter behavior with the specification 4 https://bugs.webkit.org/show_bug.cgi?id=161455 5 6 Reviewed by Mark Lam. 7 8 Align cross-origin proto getter / setter behavior with the specification: 9 10 The setter should throw a TypeError: 11 - https://html.spec.whatwg.org/#windowproxy-setprototypeof 12 - https://html.spec.whatwg.org/#location-setprototypeof 13 - https://tc39.github.io/ecma262/#sec-object.setprototypeof (step 5) 14 15 The getter should return null: 16 - https://html.spec.whatwg.org/#windowproxy-getprototypeof 17 - https://html.spec.whatwg.org/#location-getprototypeof 18 19 I have verified that this aligns our behavior with Firefox and Chrome. 20 21 * runtime/JSGlobalObjectFunctions.cpp: 22 (JSC::GlobalFuncProtoGetterFunctor::operator()): 23 (JSC::globalFuncProtoSetter): 24 1 25 2016-09-01 Csaba Osztrogonác <ossy@webkit.org> 2 26 -
trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
r205198 r205297 888 888 if (m_thisObject->allowsAccessFrom(visitor->callFrame())) 889 889 m_result = JSValue::encode(m_thisObject->getPrototype(m_exec->vm(), m_exec)); 890 else 891 m_result = JSValue::encode(jsNull()); 890 892 891 893 return StackVisitor::Done; … … 975 977 return JSValue::encode(jsUndefined()); 976 978 977 if (!checkProtoSetterAccessAllowed(exec, thisObject)) 979 if (!checkProtoSetterAccessAllowed(exec, thisObject)) { 980 throwTypeError(exec, scope, ASCIILiteral("Permission denied")); 978 981 return JSValue::encode(jsUndefined()); 982 } 979 983 980 984 // Setting __proto__ to a non-object, non-null value is silently ignored to match Mozilla.
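Review bot: The new else branch in GlobalFuncProtoGetterFunctor::operator() returns null when allowsAccessFrom() fails, with no comment saying why. Other denied accesses in the same tests raise a SecurityError (targetWindow.history), so a one-line comment at `m_result = JSValue::encode(jsNull());` pointing to https://html.spec.whatwg.org/#windowproxy-getprototypeof would make clear that null is the specified cross-origin result and not a swallowed error.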
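Review bot: In globalFuncProtoSetter the access check, and with it the new throwTypeError, sits above the trailing context comment "Setting __proto__ to a non-object, non-null value is silently ignored", which suggests the value check comes afterwards. If so, a cross-origin call with a primitive value now throws "Permission denied" where a same-origin call is silently ignored. If that ordering is intended, say so in a comment next to the throw; otherwise move the access check below the value check. The added cases in cross-frame-access-object-setPrototypeOf.html only pass Array.prototype, so a case such as protoSetter.call(targetWindow, 1) would pin the behaviour down either way.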