Title: [209218] branches/safari-602-branch
- Revision
- 209218
- Author
- matthew_han...@apple.com
- Date
- 2016-12-01 14:55:40 -0800 (Thu, 01 Dec 2016)
Log Message
Merge r209149. rdar://problem/29404230
Modified Paths
Added Paths
Diff
Modified: branches/safari-602-branch/LayoutTests/ChangeLog (209217 => 209218)
--- branches/safari-602-branch/LayoutTests/ChangeLog 2016-12-01 22:54:52 UTC (rev 209217)
+++ branches/safari-602-branch/LayoutTests/ChangeLog 2016-12-01 22:55:40 UTC (rev 209218)
@@ -1,5 +1,19 @@
2016-12-01 Matthew Hanson <matthew_han...@apple.com>
+ Merge r209149. rdar://problem/29404230
+
+ 2016-11-30 Mark Lam <mark....@apple.com>
+
+ Proxy is not allowed in the global prototype chain.
+ https://bugs.webkit.org/show_bug.cgi?id=165205
+
+ Reviewed by Geoffrey Garen.
+
+ * js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt: Added.
+ * js/dom/proxy-is-not-allowed-in-global-prototype-chain.html: Added.
+
+2016-12-01 Matthew Hanson <matthew_han...@apple.com>
+
Merge r209145. rdar://problem/29404231
2016-11-30 Brent Fulgham <bfulg...@apple.com>
Added: branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt (0 => 209218)
--- branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt (rev 0)
+++ branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain-expected.txt 2016-12-01 22:55:40 UTC (rev 209218)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: TypeError: Proxy is not allowed in the global prototype chain.
+onerror saw TypeError: Proxy is not allowed in the global prototype chain.
+
Added: branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain.html (0 => 209218)
--- branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain.html (rev 0)
+++ branches/safari-602-branch/LayoutTests/js/dom/proxy-is-not-allowed-in-global-prototype-chain.html 2016-12-01 22:55:40 UTC (rev 209218)
@@ -0,0 +1,30 @@
+<pre id="console"></pre>
+
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+window._onerror_ = function(e) {
+ log("onerror saw " + e);
+}
+
+try {
+ var proto = window.__proto__.__proto__.__proto__;
+ proto.__proto__ = new Proxy(proto.__proto__, {
+ has(target, prop) {
+ log("FAIL: proxy saw " + prop);
+ }
+ });
+
+} catch (e) {
+ log("Caught: " + e);
+ log(e.stack);
+}
+
+function log(s)
+{
+ document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
+}
+</script>
+
+<script>var undefined_variable</script>
Modified: branches/safari-602-branch/Source/_javascript_Core/ChangeLog (209217 => 209218)
--- branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-12-01 22:54:52 UTC (rev 209217)
+++ branches/safari-602-branch/Source/_javascript_Core/ChangeLog 2016-12-01 22:55:40 UTC (rev 209218)
@@ -1,3 +1,18 @@
+2016-12-01 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r209149. rdar://problem/29404230
+
+ 2016-11-30 Mark Lam <mark....@apple.com>
+
+ Proxy is not allowed in the global prototype chain.
+ https://bugs.webkit.org/show_bug.cgi?id=165205
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/ProgramExecutable.cpp:
+ (JSC::ProgramExecutable::initializeGlobalProperties):
+ - We'll now throw a TypeError if we detect a Proxy in the global prototype chain.
+
2016-11-11 Matthew Hanson <matthew_han...@apple.com>
Merge r208619. rdar://problem/29225966
Modified: branches/safari-602-branch/Source/_javascript_Core/runtime/Executable.cpp (209217 => 209218)
--- branches/safari-602-branch/Source/_javascript_Core/runtime/Executable.cpp 2016-12-01 22:54:52 UTC (rev 209217)
+++ branches/safari-602-branch/Source/_javascript_Core/runtime/Executable.cpp 2016-12-01 22:55:40 UTC (rev 209218)
@@ -584,6 +584,15 @@
RELEASE_ASSERT(globalObject);
ASSERT(&globalObject->vm() == &vm);
+ JSValue nextPrototype = globalObject->getPrototypeDirect();
+ while (nextPrototype && nextPrototype.isObject()) {
+ if (UNLIKELY(asObject(nextPrototype)->type() == ProxyObjectType)) {
+ ExecState* exec = globalObject->globalExec();
+ return createTypeError(exec, ASCIILiteral("Proxy is not allowed in the global prototype chain."));
+ }
+ nextPrototype = asObject(nextPrototype)->getPrototypeDirect();
+ }
+
JSObject* exception = 0;
UnlinkedProgramCodeBlock* unlinkedCodeBlock = globalObject->createProgramCodeBlock(callFrame, this, &exception);
if (exception)
@@ -675,7 +684,7 @@
RELEASE_ASSERT(offsetForAssert == offset);
}
}
- return 0;
+ return nullptr;
}
void ProgramExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes