I think I'm liking my "minimal" suggestion less now, since it could cause
us to
throw exceptions in new places if there are access-checked objects on the
prototype chain (still rare, but that makes another case).
So the approach here does seem attractive to me, will see if I can think of
a
good name that's still short for GetPropertyOrFallback.
https://codereview.chromium.org/1230793002/diff/40001/test/cctest/test-api.cc
File test/cctest/test-api.cc (right):
https://codereview.chromium.org/1230793002/diff/40001/test/cctest/test-api.cc#newcode21910
test/cctest/test-api.cc:21910: Local<Value> result2 =
CompileRun("[].concat([global, global], protected)");
On 2015/07/09 at 16:02:09, caitp wrote:
On 2015/07/09 15:56:04, adamk wrote:
> On 2015/07/09 at 14:49:41, caitp wrote:
> > This is probably not doing what I want it to do
> >
> > I would like context 1 to attempt to pass an array from context 2
to
> ArrayConcat() --- and the spreading should occur because the value
is an Array,
> and regardless of whether @@isConcatSpreadable is set to undefined
or not.
> >
> > The API is sort of confusing so I'm not totally sure how to
simulate that.
>
> Is the idea just to check that the check is doing IsJSArray()
instead of
> instanceof? That seems like a separate concern from the security
check test case
> going on here.
Per spec, if @@isConcatSpreadable is undefined, but the value is an
exotic Array object (or a real subclass), the value is always spread ---
so EG, a cross-origin Elements object would be spread due to subclassing
Array.
So I just want to also assert that, even though the
@@isConcatSpreadable value is ignored, it will still perform the spread
for a cross-origin exotic Array object
I see what you're aiming for, but Arrays are never access checked (and
at the moment I don't believe there's any way to create an Array
subclass that is access checked). That's why it seems like a separate
concern, test-wise. The V8 model is sadly brittle, but what it attempts
to do is disallow non-access-checked objects from ever being shared
across origins by cutting off access at the access-checking boundary
(either the Window or Location objects).
https://codereview.chromium.org/1230793002/
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
