Revision: 24049
Author: [email protected]
Date: Thu Sep 18 17:25:25 2014 UTC
Log: Revert "filter cross context eval"
(Reverts https://codereview.chromium.org/294073002/)
BUG=chromium:415051
LOG=y
[email protected]
Review URL: https://codereview.chromium.org/582093002
https://code.google.com/p/v8/source/detail?r=24049
Modified:
/branches/bleeding_edge/src/generator.js
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/src/v8natives.js
/branches/bleeding_edge/test/cctest/test-api.cc
/branches/bleeding_edge/test/mjsunit/cross-realm-filtering.js
=======================================
--- /branches/bleeding_edge/src/generator.js Wed Sep 17 12:27:16 2014 UTC
+++ /branches/bleeding_edge/src/generator.js Thu Sep 18 17:25:25 2014 UTC
@@ -48,9 +48,7 @@
var global_proxy = %GlobalProxy(global);
// Compile the string in the constructor and not a helper so that errors
// appear to come from here.
- var f = %CompileString(source, true);
- if (!IS_FUNCTION(f)) return f;
- f = %_CallFunction(global_proxy, f);
+ var f = %_CallFunction(global_proxy, %CompileString(source, true));
%FunctionMarkNameShouldPrintAsAnonymous(f);
return f;
}
=======================================
--- /branches/bleeding_edge/src/runtime.cc Thu Sep 18 14:53:00 2014 UTC
+++ /branches/bleeding_edge/src/runtime.cc Thu Sep 18 17:25:25 2014 UTC
@@ -9819,59 +9819,6 @@
return callback(v8::Utils::ToLocal(context));
}
}
-
-
-// Walk up the stack expecting:
-// - Runtime_CompileString
-// - JSFunction callee (eval, Function constructor, etc)
-// - call() (maybe)
-// - apply() (maybe)
-// - bind() (maybe)
-// - JSFunction caller (maybe)
-//
-// return true if the caller has the same security token as the callee
-// or if an exit frame was hit, in which case allow it through, as it could
-// have come through the api.
-static bool TokensMatchForCompileString(Isolate* isolate) {
- MaybeHandle<JSFunction> callee;
- bool exit_handled = true;
- bool tokens_match = true;
- bool done = false;
- for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) {
- StackFrame* raw_frame = it.frame();
- if (!raw_frame->is_java_script()) {
- if (raw_frame->is_exit()) exit_handled = false;
- continue;
- }
- JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame);
- List<FrameSummary> frames(FLAG_max_inlining_levels + 1);
- outer_frame->Summarize(&frames);
- for (int i = frames.length() - 1; i >= 0 && !done; --i) {
- FrameSummary& frame = frames[i];
- Handle<JSFunction> fun = frame.function();
- // Capture the callee function.
- if (callee.is_null()) {
- callee = fun;
- exit_handled = true;
- continue;
- }
- // Exit condition.
- Handle<Context> context(callee.ToHandleChecked()->context());
- if (!fun->context()->HasSameSecurityTokenAs(*context)) {
- tokens_match = false;
- done = true;
- continue;
- }
- // Skip bound functions in correct origin.
- if (fun->shared()->bound()) {
- exit_handled = true;
- continue;
- }
- done = true;
- }
- }
- return !exit_handled || tokens_match;
-}
RUNTIME_FUNCTION(Runtime_CompileString) {
@@ -9882,11 +9829,6 @@
// Extract native context.
Handle<Context> context(isolate->native_context());
-
- // Filter cross security context calls.
- if (!TokensMatchForCompileString(isolate)) {
- return isolate->heap()->undefined_value();
- }
// Check if native context allows code generation from
// strings. Throw an exception if it doesn't.
=======================================
--- /branches/bleeding_edge/src/v8natives.js Thu Sep 18 17:14:13 2014 UTC
+++ /branches/bleeding_edge/src/v8natives.js Thu Sep 18 17:25:25 2014 UTC
@@ -1859,9 +1859,7 @@
var global_proxy = %GlobalProxy(global);
// Compile the string in the constructor and not a helper so that errors
// appear to come from here.
- var f = %CompileString(source, true);
- if (!IS_FUNCTION(f)) return f;
- f = %_CallFunction(global_proxy, f);
+ var f = %_CallFunction(global_proxy, %CompileString(source, true));
%FunctionMarkNameShouldPrintAsAnonymous(f);
return f;
}
=======================================
--- /branches/bleeding_edge/test/cctest/test-api.cc Tue Sep 16 12:48:59
2014 UTC
+++ /branches/bleeding_edge/test/cctest/test-api.cc Thu Sep 18 17:25:25
2014 UTC
@@ -22858,32 +22858,6 @@
int line_number = script->GetUnboundScript()->GetLineNumber(0);
CHECK_EQ(13, line_number);
}
-
-
-Local<v8::Context> call_eval_context;
-Local<v8::Function> call_eval_bound_function;
-static void CallEval(const v8::FunctionCallbackInfo<v8::Value>& args) {
- v8::Context::Scope scope(call_eval_context);
- args.GetReturnValue().Set(
- call_eval_bound_function->Call(call_eval_context->Global(), 0,
NULL));
-}
-
-
-TEST(CrossActivationEval) {
- LocalContext env;
- v8::Isolate* isolate = env->GetIsolate();
- v8::HandleScope scope(isolate);
- {
- call_eval_context = v8::Context::New(isolate);
- v8::Context::Scope scope(call_eval_context);
- call_eval_bound_function =
- Local<Function>::Cast(CompileRun("eval.bind(this, '1')"));
- }
- env->Global()->Set(v8_str("CallEval"),
- v8::FunctionTemplate::New(isolate, CallEval)->GetFunction());
- Local<Value> result = CompileRun("CallEval();");
- CHECK_EQ(result, v8::Integer::New(isolate, 1));
-}
void SourceURLHelper(const char* source, const char* expected_source_url,
=======================================
--- /branches/bleeding_edge/test/mjsunit/cross-realm-filtering.js Thu Jun
12 08:28:19 2014 UTC
+++ /branches/bleeding_edge/test/mjsunit/cross-realm-filtering.js Thu Sep
18 17:25:25 2014 UTC
@@ -70,72 +70,3 @@
Realm.eval(realms[0], script);
assertSame(Realm.shared.caller_0, Realm.shared.result_0);
assertSame(null, Realm.shared.result_1);
-
-
-// Check function constructor.
-var ctor_script = "Function.constructor";
-var ctor_a_script =
- "(function() { return Function.constructor.apply(this, ['return 1;']);
})";
-var ctor_b_script = "Function.constructor.bind(this, 'return 1;')";
-var ctor_c_script =
- "(function() { return Function.constructor.call(this, 'return 1;');
})";
-Realm.shared = {
- ctor_0 : Realm.eval(realms[0], ctor_script),
- ctor_1 : Realm.eval(realms[1], ctor_script),
- ctor_a_0 : Realm.eval(realms[0], ctor_a_script),
- ctor_a_1 : Realm.eval(realms[1], ctor_a_script),
- ctor_b_0 : Realm.eval(realms[0], ctor_b_script),
- ctor_b_1 : Realm.eval(realms[1], ctor_b_script),
- ctor_c_0 : Realm.eval(realms[0], ctor_c_script),
- ctor_c_1 : Realm.eval(realms[1], ctor_c_script),
-}
-
-var script_0
= " \
- var ctor_0 =
Realm.shared.ctor_0; \
- Realm.shared.direct_0 = ctor_0('return
1'); \
- Realm.shared.indirect_0 = (function() { return ctor_0('return 1;');
})(); \
- Realm.shared.apply_0 = ctor_0.apply(this, ['return
1']); \
- Realm.shared.bind_0 = ctor_0.bind(this, 'return
1')(); \
- Realm.shared.call_0 = ctor_0.call(this, 'return
1'); \
- Realm.shared.a_0 =
Realm.shared.ctor_a_0(); \
- Realm.shared.b_0 =
Realm.shared.ctor_b_0(); \
- Realm.shared.c_0 =
Realm.shared.ctor_c_0(); \
-";
-
-script = script_0 + script_0.replace(/_0/g, "_1");
-
-Realm.eval(realms[0], script);
-assertSame(1, Realm.shared.direct_0());
-assertSame(1, Realm.shared.indirect_0());
-assertSame(1, Realm.shared.apply_0());
-assertSame(1, Realm.shared.bind_0());
-assertSame(1, Realm.shared.call_0());
-assertSame(1, Realm.shared.a_0());
-assertSame(1, Realm.shared.b_0());
-assertSame(1, Realm.shared.c_0());
-assertSame(undefined, Realm.shared.direct_1);
-assertSame(undefined, Realm.shared.indirect_1);
-assertSame(undefined, Realm.shared.apply_1);
-assertSame(undefined, Realm.shared.bind_1);
-assertSame(undefined, Realm.shared.call_1);
-assertSame(1, Realm.shared.a_1());
-assertSame(undefined, Realm.shared.b_1);
-assertSame(1, Realm.shared.c_1());
-
-Realm.eval(realms[1], script);
-assertSame(undefined, Realm.shared.direct_0);
-assertSame(undefined, Realm.shared.indirect_0);
-assertSame(undefined, Realm.shared.apply_0);
-assertSame(undefined, Realm.shared.bind_0);
-assertSame(undefined, Realm.shared.call_0);
-assertSame(1, Realm.shared.a_0());
-assertSame(undefined, Realm.shared.b_0);
-assertSame(1, Realm.shared.c_1());
-assertSame(1, Realm.shared.direct_1());
-assertSame(1, Realm.shared.indirect_1());
-assertSame(1, Realm.shared.apply_1());
-assertSame(1, Realm.shared.bind_1());
-assertSame(1, Realm.shared.call_1());
-assertSame(1, Realm.shared.a_1());
-assertSame(1, Realm.shared.b_1());
-assertSame(1, Realm.shared.c_1());
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
