Reviewers: Mads Ager,
Message:
Test (LayoutTest: http/tests/security/xss-DENIED-defineProperty) still
fails but
with "Unexpected text diff mismatch" (the expected result has way less
access
denied printouts then the output from us)
Description:
Added access check to SetNormalizedProperty which is used from runtime
DefineOrRedefineDataProperty.
Please review this at http://codereview.chromium.org/647010
SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/
Affected files:
M src/objects.cc
Index: src/objects.cc
===================================================================
--- src/objects.cc (revision 3895)
+++ src/objects.cc (working copy)
@@ -417,6 +417,12 @@
Object* value,
PropertyDetails details) {
ASSERT(!HasFastProperties());
+ if (IsAccessCheckNeeded() &&
+ !Top::MayNamedAccess(this, name, v8::ACCESS_SET)) {
+ Top::ReportFailedAccessCheck(this, v8::ACCESS_SET);
+ return Heap::false_value();
+ }
+
int entry = property_dictionary()->FindEntry(name);
if (entry == StringDictionary::kNotFound) {
Object* store_value = value;
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
