Changeset 82003 in webkit
- Timestamp:
- Mar 25, 2011 4:20:39 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r82001 r82003 1 2011-03-25 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Darin Adler. 4 5 Allow defineOwnProperty to work on DOMObjects 6 https://bugs.webkit.org/show_bug.cgi?id=57129 7 8 Now we disallow the cross origin accesses, rather than just disallowing 9 the defineOwnProperty at all. 10 11 * http/tests/security/xss-DENIED-defineProperty-expected.txt: 12 1 13 2011-03-25 Andy Estes <aestes@apple.com> 2 14 -
trunk/LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt
r48542 r82003 1 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 2 3 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 4 5 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 6 7 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 8 9 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 10 11 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 12 13 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 14 15 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 16 17 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 18 19 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 20 21 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 22 23 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 24 25 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 26 27 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 28 29 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 30 31 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 32 33 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 34 35 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 36 37 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 38 39 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 40 41 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 42 43 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 44 45 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 46 47 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 48 49 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 50 51 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 52 53 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 54 55 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 56 57 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 58 59 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 60 61 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 62 63 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 64 65 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 66 67 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 68 69 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 70 71 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 72 73 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 74 75 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 76 77 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 78 79 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 80 81 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 82 83 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 84 1 85 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-defineProperty.html from frame with URL http://localhost:8000/security/resources/xss-DENIED-defineProperty-attacker.html. Domains, protocols and ports must match. 2 86 -
trunk/Source/JavaScriptCore/ChangeLog
r81994 r82003 1 2011-03-25 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Darin Adler. 4 5 Allow defineOwnProperty to work on DOMObjects 6 https://bugs.webkit.org/show_bug.cgi?id=57129 7 8 Fix a couple of places where we uses getter()/setter() rather 9 than [gs]etterPresent(). 10 11 * runtime/JSObject.cpp: 12 (JSC::JSObject::defineOwnProperty): 13 1 14 2011-03-25 Geoffrey Garen <ggaren@apple.com> 2 15 -
trunk/Source/JavaScriptCore/runtime/JSObject.cpp
r81272 r82003 744 744 ASSERT(descriptor.isAccessorDescriptor()); 745 745 if (!current.configurable()) { 746 if (descriptor.setterPresent() && !(current.setter () && JSValue::strictEqual(exec, current.setter(), descriptor.setter()))) {746 if (descriptor.setterPresent() && !(current.setterPresent() && JSValue::strictEqual(exec, current.setter(), descriptor.setter()))) { 747 747 if (throwException) 748 748 throwError(exec, createTypeError(exec, "Attempting to change the setter of an unconfigurable property.")); 749 749 return false; 750 750 } 751 if (descriptor.getterPresent() && !(current.getter () && JSValue::strictEqual(exec, current.getter(), descriptor.getter()))) {751 if (descriptor.getterPresent() && !(current.getterPresent() && JSValue::strictEqual(exec, current.getter(), descriptor.getter()))) { 752 752 if (throwException) 753 753 throwError(exec, createTypeError(exec, "Attempting to change the getter of an unconfigurable property.")); -
trunk/Source/WebCore/ChangeLog
r82001 r82003 1 2011-03-25 Oliver Hunt <oliver@apple.com> 2 3 Reviewed by Darin Adler. 4 5 Allow defineOwnProperty to work on DOMObjects 6 https://bugs.webkit.org/show_bug.cgi?id=57129 7 8 As other engines are allowing defineOwnProperty to be applied 9 to host objects there's no reason for us to retain this 10 restriction. 11 12 * bindings/js/JSDOMWrapper.cpp: 13 * bindings/js/JSDOMWrapper.h: 14 1 15 2011-03-25 Andy Estes <aestes@apple.com> 2 16 -
trunk/Source/WebCore/bindings/js/JSDOMWrapper.cpp
r79616 r82003 41 41 #endif 42 42 43 bool DOMObject::defineOwnProperty(ExecState* exec, const Identifier&, PropertyDescriptor&, bool)44 {45 throwError(exec, createTypeError(exec, "defineProperty is not supported on DOM Objects"));46 return false;47 }48 49 43 } // namespace WebCore -
trunk/Source/WebCore/bindings/js/JSDOMWrapper.h
r60057 r82003 35 35 } 36 36 37 virtual bool defineOwnProperty(JSC::ExecState*, const JSC::Identifier&, JSC::PropertyDescriptor&, bool);38 39 37 #ifndef NDEBUG 40 38 virtual ~DOMObject();
Note: See TracChangeset
for help on using the changeset viewer.