Changeset 95011 in webkit
- Timestamp:
- Sep 12, 2011 9:01:59 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
LayoutTests/ChangeLog (modified) (1 diff)
-
LayoutTests/fast/js/prototypes-expected.txt (modified) (1 diff)
-
LayoutTests/fast/js/script-tests/prototypes.js (modified) (1 diff)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/runtime/JSObject.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r95009 r95011 1 2011-09-12 Sam Weinig <sam@webkit.org> 2 3 Don't allow setting __proto__ to be a getter or setter 4 https://bugs.webkit.org/show_bug.cgi?id=67982 5 6 Reviewed by Gavin Barraclough. 7 8 * fast/js/prototypes-expected.txt: 9 * fast/js/script-tests/prototypes.js: 10 Add test that we disallow setting a getter or setter on __proto__. 11 1 12 2011-09-12 Jacky Jiang <zhajiang@rim.com> 2 13 -
trunk/LayoutTests/fast/js/prototypes-expected.txt
r46963 r95011 54 54 PASS Object.__proto__.isPrototypeOf(Number) is true 55 55 PASS Object.__proto__.isPrototypeOf(String) is true 56 PASS var wasSet = false; var o = { }; o.__defineGetter__("__proto__", function() { wasSet = true }); o.__proto__; wasSet; is false 57 PASS var wasSet = false; var o = { }; o.__defineSetter__("__proto__", function() { wasSet = true }); o.__proto__ = {}; wasSet; is false 56 58 PASS successfullyParsed is true 57 59 -
trunk/LayoutTests/fast/js/script-tests/prototypes.js
r48651 r95011 56 56 shouldBeTrue("Object.__proto__.isPrototypeOf(String)"); 57 57 58 shouldBeFalse("var wasSet = false; var o = { }; o.__defineGetter__(\"__proto__\", function() { wasSet = true }); o.__proto__; wasSet;"); 59 shouldBeFalse("var wasSet = false; var o = { }; o.__defineSetter__(\"__proto__\", function() { wasSet = true }); o.__proto__ = {}; wasSet;"); 60 58 61 var successfullyParsed = true; -
trunk/Source/JavaScriptCore/ChangeLog
r94997 r95011 1 2011-09-12 Sam Weinig <sam@webkit.org> 2 3 Don't allow setting __proto__ to be a getter or setter 4 https://bugs.webkit.org/show_bug.cgi?id=67982 5 6 Reviewed by Gavin Barraclough. 7 8 * runtime/JSObject.cpp: 9 (JSC::JSObject::defineGetter): 10 (JSC::JSObject::defineSetter): 11 Disallow setting a getter or setter on __proto__. 12 1 13 2011-09-12 James Robinson <jamesr@chromium.org> 2 14 -
trunk/Source/JavaScriptCore/runtime/JSObject.cpp
r94814 r95011 323 323 void JSObject::defineGetter(ExecState* exec, const Identifier& propertyName, JSObject* getterFunction, unsigned attributes) 324 324 { 325 if (propertyName == exec->propertyNames().underscoreProto) { 326 // Defining a getter for __proto__ is silently ignored. 327 return; 328 } 329 325 330 JSValue object = getDirect(exec->globalData(), propertyName); 326 331 if (object && object.isGetterSetter()) { … … 349 354 void JSObject::defineSetter(ExecState* exec, const Identifier& propertyName, JSObject* setterFunction, unsigned attributes) 350 355 { 356 if (propertyName == exec->propertyNames().underscoreProto) { 357 // Defining a setter for __proto__ is silently ignored. 358 return; 359 } 360 351 361 JSValue object = getDirect(exec->globalData(), propertyName); 352 362 if (object && object.isGetterSetter()) {
Note: See TracChangeset
for help on using the changeset viewer.
