Changeset 82003 in webkit


Ignore:
Timestamp:
Mar 25, 2011 4:20:39 PM (13 years ago)
Author:
oliver@apple.com
Message:

2011-03-25 Oliver Hunt <oliver@apple.com>

Reviewed by Darin Adler.

Allow defineOwnProperty to work on DOMObjects
https://bugs.webkit.org/show_bug.cgi?id=57129

Now we disallow the cross origin accesses, rather than just disallowing
the defineOwnProperty at all.

  • http/tests/security/xss-DENIED-defineProperty-expected.txt:

2011-03-25 Oliver Hunt <oliver@apple.com>

Reviewed by Darin Adler.

Allow defineOwnProperty to work on DOMObjects
https://bugs.webkit.org/show_bug.cgi?id=57129

Fix a couple of places where we uses getter()/setter() rather
than [gs]etterPresent().

  • runtime/JSObject.cpp: (JSC::JSObject::defineOwnProperty):

2011-03-25 Oliver Hunt <oliver@apple.com>

Reviewed by Darin Adler.

Allow defineOwnProperty to work on DOMObjects
https://bugs.webkit.org/show_bug.cgi?id=57129

As other engines are allowing defineOwnProperty to be applied
to host objects there's no reason for us to retain this
restriction.

  • bindings/js/JSDOMWrapper.cpp:
  • bindings/js/JSDOMWrapper.h:
Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r82001 r82003  
     12011-03-25  Oliver Hunt  <oliver@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Allow defineOwnProperty to work on DOMObjects
     6        https://bugs.webkit.org/show_bug.cgi?id=57129
     7
     8        Now we disallow the cross origin accesses, rather than just disallowing
     9        the defineOwnProperty at all.
     10
     11        * http/tests/security/xss-DENIED-defineProperty-expected.txt:
     12
    1132011-03-25  Andy Estes  <aestes@apple.com>
    214

  • trunk/LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt

    r48542 r82003  
     1CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     2
     3CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     4
     5CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     6
     7CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     8
     9CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     10
     11CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     12
     13CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     14
     15CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     16
     17CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     18
     19CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     20
     21CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     22
     23CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     24
     25CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     26
     27CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     28
     29CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     30
     31CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     32
     33CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     34
     35CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     36
     37CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     38
     39CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     40
     41CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     42
     43CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     44
     45CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     46
     47CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     48
     49CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     50
     51CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     52
     53CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     54
     55CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     56
     57CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     58
     59CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     60
     61CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     62
     63CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     64
     65CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     66
     67CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     68
     69CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     70
     71CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     72
     73CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     74
     75CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     76
     77CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     78
     79CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     80
     81CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     82
     83CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
     84
    185CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match.
    286

  • trunk/Source/JavaScriptCore/ChangeLog

    r81994 r82003  
     12011-03-25  Oliver Hunt  <oliver@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Allow defineOwnProperty to work on DOMObjects
     6        https://bugs.webkit.org/show_bug.cgi?id=57129
     7
     8        Fix a couple of places where we uses getter()/setter() rather
     9        than [gs]etterPresent().
     10
     11        * runtime/JSObject.cpp:
     12        (JSC::JSObject::defineOwnProperty):
     13
    1142011-03-25  Geoffrey Garen  <ggaren@apple.com>
    215

  • trunk/Source/JavaScriptCore/runtime/JSObject.cpp

    r81272 r82003  
    744744    ASSERT(descriptor.isAccessorDescriptor());
    745745    if (!current.configurable()) {
    746         if (descriptor.setterPresent() && !(current.setter() && JSValue::strictEqual(exec, current.setter(), descriptor.setter()))) {
     746        if (descriptor.setterPresent() && !(current.setterPresent() && JSValue::strictEqual(exec, current.setter(), descriptor.setter()))) {
    747747            if (throwException)
    748748                throwError(exec, createTypeError(exec, "Attempting to change the setter of an unconfigurable property."));
    749749            return false;
    750750        }
    751         if (descriptor.getterPresent() && !(current.getter() && JSValue::strictEqual(exec, current.getter(), descriptor.getter()))) {
     751        if (descriptor.getterPresent() && !(current.getterPresent() && JSValue::strictEqual(exec, current.getter(), descriptor.getter()))) {
    752752            if (throwException)
    753753                throwError(exec, createTypeError(exec, "Attempting to change the getter of an unconfigurable property."));

  • trunk/Source/WebCore/ChangeLog

    r82001 r82003  
     12011-03-25  Oliver Hunt  <oliver@apple.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        Allow defineOwnProperty to work on DOMObjects
     6        https://bugs.webkit.org/show_bug.cgi?id=57129
     7
     8        As other engines are allowing defineOwnProperty to be applied
     9        to host objects there's no reason for us to retain this
     10        restriction.
     11
     12        * bindings/js/JSDOMWrapper.cpp:
     13        * bindings/js/JSDOMWrapper.h:
     14
    1152011-03-25  Andy Estes  <aestes@apple.com>
    216

  • trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp

    r79616 r82003  
    4141#endif
    4242
    43 bool DOMObject::defineOwnProperty(ExecState* exec, const Identifier&, PropertyDescriptor&, bool)
    44 {
    45     throwError(exec, createTypeError(exec, "defineProperty is not supported on DOM Objects"));
    46     return false;
    47 }
    48 
    4943} // namespace WebCore

  • trunk/Source/WebCore/bindings/js/JSDOMWrapper.h

    r60057 r82003  
    3535    }
    3636
    37     virtual bool defineOwnProperty(JSC::ExecState*, const JSC::Identifier&, JSC::PropertyDescriptor&, bool);
    38 
    3937#ifndef NDEBUG
    4038    virtual ~DOMObject();
Note: See TracChangeset for help on using the changeset viewer.