Title: [250504] branches/safari-608-branch
Revision
250504
Author
bshaf...@apple.com
Date
2019-09-30 01:30:37 -0700 (Mon, 30 Sep 2019)

Log Message

Cherry-pick r248796. rdar://problem/55826874

    [Re-land] ProxyObject should not be allowed to access its target's private properties.
    https://bugs.webkit.org/show_bug.cgi?id=200739
    <rdar://problem/53972768>

    Reviewed by Yusuke Suzuki.

    JSTests:

    * stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js: Copied from JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js.
    * stress/proxy-with-private-symbols.js:

    Source/_javascript_Core:

    Re-landing this after r200829 which resolves the test262 failure uncovered by this patch.

    * runtime/ProxyObject.cpp:
    (JSC::performProxyGet):
    (JSC::ProxyObject::performInternalMethodGetOwnProperty):
    (JSC::ProxyObject::performHasProperty):
    (JSC::ProxyObject::performPut):
    (JSC::ProxyObject::performDelete):
    (JSC::ProxyObject::performDefineOwnProperty):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248796 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Added Paths

Diff

Modified: branches/safari-608-branch/JSTests/ChangeLog (250503 => 250504)


--- branches/safari-608-branch/JSTests/ChangeLog	2019-09-30 08:30:35 UTC (rev 250503)
+++ branches/safari-608-branch/JSTests/ChangeLog	2019-09-30 08:30:37 UTC (rev 250504)
@@ -1,3 +1,45 @@
+2019-09-30  Babak Shafiei  <bshaf...@apple.com>
+
+        Cherry-pick r248796. rdar://problem/55826874
+
+    [Re-land] ProxyObject should not be allow to access its target's private properties.
+    https://bugs.webkit.org/show_bug.cgi?id=200739
+    <rdar://problem/53972768>
+    
+    Reviewed by Yusuke Suzuki.
+    
+    JSTests:
+    
+    * stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js: Copied from JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js.
+    * stress/proxy-with-private-symbols.js:
+    
+    Source/_javascript_Core:
+    
+    Re-landing this after r200829 which resolves the test262 failure uncovered by this patch.
+    
+    * runtime/ProxyObject.cpp:
+    (JSC::performProxyGet):
+    (JSC::ProxyObject::performInternalMethodGetOwnProperty):
+    (JSC::ProxyObject::performHasProperty):
+    (JSC::ProxyObject::performPut):
+    (JSC::ProxyObject::performDelete):
+    (JSC::ProxyObject::performDefineOwnProperty):
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-08-16  Mark Lam  <mark....@apple.com>
+
+            [Re-land] ProxyObject should not be allow to access its target's private properties.
+            https://bugs.webkit.org/show_bug.cgi?id=200739
+            <rdar://problem/53972768>
+
+            Reviewed by Yusuke Suzuki.
+
+            * stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js: Copied from JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js.
+            * stress/proxy-with-private-symbols.js:
+
 2019-09-23  Alan Coon  <alanc...@apple.com>
 
         Cherry-pick r250116. rdar://problem/55608003

Added: branches/safari-608-branch/JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js (0 => 250504)


--- branches/safari-608-branch/JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js	                        (rev 0)
+++ branches/safari-608-branch/JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js	2019-09-30 08:30:37 UTC (rev 250504)
@@ -0,0 +1,21 @@
+var foo = (function* bar() {
+    try {
+        yield* x;
+    } finally {
+        try {
+            y;
+        } finally {
+            return;
+        }
+    }
+}) ();
+
+var x = new Proxy(foo, {});
+try {
+    x.next();
+} catch (e) {
+    exception = e;
+}
+
+if (exception != 'TypeError: |this| should be a generator')
+    throw "FAILED";
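Review bot: `exception` is never declared, so if `x.next()` ever stops throwing, the final `if` reads an undeclared identifier and the test ends with a ReferenceError instead of the intended "FAILED" (unless the harness happens to define that global). Declaring it first, `var exception;`, makes the regression show up as the explicit failure. The file also has no header comment; something like `// A Proxy wrapping a generator must not reach the generator's private (internal) properties, so next() on the proxy has to throw.` would tell the next reader which security property is being pinned.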

Modified: branches/safari-608-branch/JSTests/stress/proxy-with-private-symbols.js (250503 => 250504)


--- branches/safari-608-branch/JSTests/stress/proxy-with-private-symbols.js	2019-09-30 08:30:35 UTC (rev 250503)
+++ branches/safari-608-branch/JSTests/stress/proxy-with-private-symbols.js	2019-09-30 08:30:37 UTC (rev 250504)
@@ -81,7 +81,7 @@
             assert(e.message === "%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");
             threw = true;
         }
-        assert(!threw);
+        assert(threw);
         assert(!sawPrivateSymbolAsString);
         sawPrivateSymbolAsString = false;
     }

Modified: branches/safari-608-branch/Source/_javascript_Core/ChangeLog (250503 => 250504)


--- branches/safari-608-branch/Source/_javascript_Core/ChangeLog	2019-09-30 08:30:35 UTC (rev 250503)
+++ branches/safari-608-branch/Source/_javascript_Core/ChangeLog	2019-09-30 08:30:37 UTC (rev 250504)
@@ -1,5 +1,54 @@
 2019-09-30  Babak Shafiei  <bshaf...@apple.com>
 
+        Cherry-pick r248796. rdar://problem/55826874
+
+    [Re-land] ProxyObject should not be allow to access its target's private properties.
+    https://bugs.webkit.org/show_bug.cgi?id=200739
+    <rdar://problem/53972768>
+    
+    Reviewed by Yusuke Suzuki.
+    
+    JSTests:
+    
+    * stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js: Copied from JSTests/stress/proxy-should-not-be-allowed-to-access-private-properties-of-target.js.
+    * stress/proxy-with-private-symbols.js:
+    
+    Source/_javascript_Core:
+    
+    Re-landing this after r200829 which resolves the test262 failure uncovered by this patch.
+    
+    * runtime/ProxyObject.cpp:
+    (JSC::performProxyGet):
+    (JSC::ProxyObject::performInternalMethodGetOwnProperty):
+    (JSC::ProxyObject::performHasProperty):
+    (JSC::ProxyObject::performPut):
+    (JSC::ProxyObject::performDelete):
+    (JSC::ProxyObject::performDefineOwnProperty):
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-08-16  Mark Lam  <mark....@apple.com>
+
+            [Re-land] ProxyObject should not be allow to access its target's private properties.
+            https://bugs.webkit.org/show_bug.cgi?id=200739
+            <rdar://problem/53972768>
+
+            Reviewed by Yusuke Suzuki.
+
+            Re-landing this after r200829 which resolves the test262 failure uncovered by this patch.
+
+            * runtime/ProxyObject.cpp:
+            (JSC::performProxyGet):
+            (JSC::ProxyObject::performInternalMethodGetOwnProperty):
+            (JSC::ProxyObject::performHasProperty):
+            (JSC::ProxyObject::performPut):
+            (JSC::ProxyObject::performDelete):
+            (JSC::ProxyObject::performDefineOwnProperty):
+
+2019-09-30  Babak Shafiei  <bshaf...@apple.com>
+
         Cherry-pick r247799. rdar://problem/55826880
 
     performJITMemcpy should be PACed with a non-zero diversifier when passed and called via a pointer.

Modified: branches/safari-608-branch/Source/_javascript_Core/runtime/ProxyObject.cpp (250503 => 250504)


--- branches/safari-608-branch/Source/_javascript_Core/runtime/ProxyObject.cpp	2019-09-30 08:30:35 UTC (rev 250503)
+++ branches/safari-608-branch/Source/_javascript_Core/runtime/ProxyObject.cpp	2019-09-30 08:30:37 UTC (rev 250504)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016-2017 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2016-2019 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -143,7 +143,7 @@
     };
 
     if (propertyName.isPrivateName())
-        return performDefaultGet();
+        return jsUndefined();
 
     JSValue handlerValue = proxyObject->handler();
     if (handlerValue.isNull())
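Review bot: The private-name early return in `performProxyGet` has no comment saying why it no longer forwards to the target, and the same bare guard is repeated in the five hunks that follow (getOwnProperty, has, put, delete, defineOwnProperty). I would add above each guard something like `// Private names are engine-internal; a Proxy must never expose its target's private properties, so act as if the property does not exist.` Because the rule now lives in six separate places, it is worth confirming that no other ProxyObject entry point outside these hunks still forwards a private name to the target. The enclosing functions start and end outside the hunks.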
@@ -214,7 +214,7 @@
     };
 
     if (propertyName.isPrivateName())
-        RELEASE_AND_RETURN(scope, performDefaultGetOwnProperty());
+        return false;
 
     JSValue handlerValue = this->handler();
     if (handlerValue.isNull()) {
@@ -319,7 +319,7 @@
     };
 
     if (propertyName.isPrivateName())
-        RELEASE_AND_RETURN(scope, performDefaultHasProperty());
+        return false;
 
     JSValue handlerValue = this->handler();
     if (handlerValue.isNull()) {
@@ -421,7 +421,7 @@
     }
 
     if (propertyName.isPrivateName())
-        RELEASE_AND_RETURN(scope, performDefaultPut());
+        return false;
 
     JSValue handlerValue = this->handler();
     if (handlerValue.isNull()) {
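Review bot: The write-side guards (this `return false` in `performPut`, and the matching ones in `performDelete` and `performDefineOwnProperty`) do not appear to be exercised by the tests changed in this commit, which as far as visible here only cover reads through `next()`. A private-name put, delete, or define on a proxy now fails silently with `false`. A stress test asserting that the target's private state is unchanged afterwards would keep these three paths from regressing unnoticed. Whether callers turn the `false` into a TypeError in strict mode cannot be seen from the hunk, so a short comment stating the intended outcome would help, e.g. `// Refuse silently: private names are not observable through a Proxy.`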
@@ -624,7 +624,7 @@
     }
 
     if (propertyName.isPrivateName())
-        RELEASE_AND_RETURN(scope, performDefaultDelete());
+        return false;
 
     JSValue handlerValue = this->handler();
     if (handlerValue.isNull()) {
@@ -817,7 +817,7 @@
     };
 
     if (propertyName.isPrivateName())
-        return performDefaultDefineOwnProperty();
+        return false;
 
     JSValue handlerValue = this->handler();
     if (handlerValue.isNull()) {