[Caja] [google-caja] r5432 committed - Make ERRORS_HAVE_INVISIBLE_PROPERTIES repairable....

[google-caja]

Revision: 5432
Author:   kpr...@switchb.org
Date:     Fri May 31 15:06:53 2013
Log:      Make ERRORS_HAVE_INVISIBLE_PROPERTIES repairable.
https://codereview.appspot.com/9864044
In <https://bugzilla.mozilla.org/show_bug.cgi?id=724768#c12> we now have
a specific list of the invisible properties on Error and a statement
that no other objects have this problem, so we can safely repair the
known problem. This makes Firefox 21 OK for SES as no-known-exploit.

R=erig...@gmail.com

http://code.google.com/p/google-caja/source/detail?r=5432

Modified:
 /trunk/src/com/google/caja/ses/repairES5.js

=======================================
--- /trunk/src/com/google/caja/ses/repairES5.js Wed Apr 24 13:13:05 2013
+++ /trunk/src/com/google/caja/ses/repairES5.js Fri May 31 15:06:53 2013
@@ -1976,6 +1976,8 @@
     'lineNumber',
     'message',
     'stack',
+    // at least FF 21
+    'columnNumber',

     // at least Safari, WebKit 5.1
     'line',
@@ -1998,6 +2000,17 @@
     errorInstanceWhiteMap.set(name, true);
   });

+  // Properties specifically invisible-until-touched to gOPN on Firefox,  
but
+  // otherwise harmless.
+  var errorInstanceKnownInvisibleList = [
+    'message',
+    'fileName',
+    'lineNumber',
+    'columnNumber',
+    'stack'
+  ];
+
+  // Property names to check for unexpected behavior.
   var errorInstanceBlacklist = [
     // seen in a Firebug on FF
     'category',
@@ -2043,13 +2056,16 @@
   /**
    * On Firefox 14+ (and probably earlier), error instances have magical
    * properties that do not appear in getOwnPropertyNames until you refer
-   * to the property.  This makes test_UNEXPECTED_ERROR_PROPERTIES
-   * unreliable, so we can't assume that passing that test is safe.
+   * to the property.  We have been informed of the specific list at
+   * <https://bugzilla.mozilla.org/show_bug.cgi?id=724768#c12>.
    */
   function test_ERRORS_HAVE_INVISIBLE_PROPERTIES() {
     var gopn = Object.getOwnPropertyNames;
     var gopd = Object.getOwnPropertyDescriptor;

+    var checks = errorInstanceWhitelist.concat(errorInstanceBlacklist);
+    var needRepair = false;
+
     var errors = [new Error('e1')];
     try { null.foo = 3; } catch (err) { errors.push(err); }
     for (var i = 0; i < errors.length; i++) {
@@ -2059,20 +2075,23 @@
         found.set(prop, true);
       });
       var j, prop;
-      for (j = 0; j < errorInstanceWhitelist.length; j++) {
-        prop = errorInstanceWhitelist[j];
+      // Check known props
+      for (j = 0; j < errorInstanceKnownInvisibleList.length; j++) {
+        prop = errorInstanceKnownInvisibleList[j];
         if (gopd(err, prop) && !found.get(prop)) {
-          return true;
+          needRepair = true;
+          found.set(prop, true);  // don't treat as new symptom
         }
       }
-      for (j = 0; j < errorInstanceBlacklist.length; j++) {
-        prop = errorInstanceBlacklist[j];
+      // Check for new symptoms
+      for (j = 0; j < checks.length; j++) {
+        prop = checks[j];
         if (gopd(err, prop) && !found.get(prop)) {
-          return true;
+          return 'Unexpectedly invisible Error property: ' + prop;
         }
       }
     }
-    return false;
+    return needRepair;
   }

   /**
@@ -3031,6 +3050,28 @@
       repair_FREEZING_BREAKS_PROTOTYPES_wasApplied = true;
     }
   }
+
+  function repair_ERRORS_HAVE_INVISIBLE_PROPERTIES() {
+    var baseGOPN = Object.getOwnPropertyNames;
+    var baseGOPD = Object.getOwnPropertyDescriptor;
+    var errorPattern = /^\[object [\w$]*Error\]$/;
+
+    function touch(name) {
+      // the forEach will invoke this function with this === the error  
instance
+      baseGOPD(this, name);
+    }
+
+    Object.defineProperty(Object, 'getOwnPropertyNames', {
+      writable: true,  // allow other repairs to stack on
+      value: function repairedErrorInvisGOPN(object) {
+        // Note: not adequate in future ES6 world (TODO(erights): explain  
why)
+        if (errorPattern.test(objToString.call(object))) {
+          errorInstanceKnownInvisibleList.forEach(touch, object);
+        }
+        return baseGOPN(object);
+      }
+    });
+  }

   ////////////////////// Kludge Records /////////////////////
   //
@@ -3730,11 +3771,11 @@
     },
     {
       id: 'ERRORS_HAVE_INVISIBLE_PROPERTIES',
-      description: 'Error instances may have invisible properties',
+      description: 'Error instances have invisible properties',
       test: test_ERRORS_HAVE_INVISIBLE_PROPERTIES,
-      repair: void 0,
-      preSeverity: severities.NOT_ISOLATED,
-      canRepair: false,
+      repair: repair_ERRORS_HAVE_INVISIBLE_PROPERTIES,
+      preSeverity: severities.SAFE_SPEC_VIOLATION,
+      canRepair: true,
       urls: ['https://bugzilla.mozilla.org/show_bug.cgi?id=726477',
              'https://bugzilla.mozilla.org/show_bug.cgi?id=724768'],
       sections: [],

--

--- 
You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-caja-discuss+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.