[v8-dev] Better security checks when accessing named properties via Object.getOwnPropertyDescriptor. (issue6286020)

antonm Tue, 01 Feb 2011 11:19:01 -0800

Reviewers: Mads Ager, Rico,

Message:
Mads and Rico,


next variation.  May you have a look?

Description:
Better security checks when accessing named properties via
Object.getOwnPropertyDescriptor.

Current approach returns undefined descriptor if caller is not granted
v8::HAS_ACCESS.
If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS
check is
performed and value property of the descriptor is set to undefined if caller
doesn't

have proper access. For JS accessors both v8::GET_ACCESS andv8::SET_ACCESS are

checked
and affect if getter and setter would be stored in the descriptor.

Please review this at http://codereview.chromium.org/6286020/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/runtime.cc
  M test/cctest/test-api.cc


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Better security checks when accessing named properties via Object.getOwnPropertyDescriptor. (issue6286020)

Reply via email to