Revision: 6848
Author: [email protected]
Date: Fri Feb 18 02:39:02 2011
Log: Add access checks to Object.preventExtensions + add regression test
for 1027.
Object.preventExtensions can currently be used cross-domain. With this
change we follow firefox (IE9 has our current behaviour). In addition
this includes a regression test for 1027 and access tests for
Object.seal and Object.freeze.
Review URL: http://codereview.chromium.org/6534019
http://code.google.com/p/v8/source/detail?r=6848
Modified:
/branches/bleeding_edge/src/objects.cc
/branches/bleeding_edge/src/runtime.cc
/branches/bleeding_edge/test/cctest/test-api.cc
=======================================
--- /branches/bleeding_edge/src/objects.cc Wed Feb 16 04:10:48 2011
+++ /branches/bleeding_edge/src/objects.cc Fri Feb 18 02:39:02 2011
@@ -2813,6 +2813,12 @@
MaybeObject* JSObject::PreventExtensions() {
+ if (IsAccessCheckNeeded() &&
+ !Top::MayNamedAccess(this, Heap::undefined_value(),
v8::ACCESS_KEYS)) {
+ Top::ReportFailedAccessCheck(this, v8::ACCESS_KEYS);
+ return Heap::false_value();
+ }
+
if (IsJSGlobalProxy()) {
Object* proto = GetPrototype();
if (proto->IsNull()) return this;
=======================================
--- /branches/bleeding_edge/src/runtime.cc Thu Feb 17 13:04:53 2011
+++ /branches/bleeding_edge/src/runtime.cc Fri Feb 18 02:39:02 2011
@@ -3690,6 +3690,8 @@
is_element) {
// Normalize the elements to enable attributes on the property.
if (js_object->IsJSGlobalProxy()) {
+ // We do not need to do access checks here since these has already
+ // been performed by the call to GetOwnProperty.
Handle<Object> proto(js_object->GetPrototype());
// If proxy is detached, ignore the assignment. Alternatively,
// we could throw an exception.
=======================================
--- /branches/bleeding_edge/test/cctest/test-api.cc Wed Feb 16 05:31:12 2011
+++ /branches/bleeding_edge/test/cctest/test-api.cc Fri Feb 18 02:39:02 2011
@@ -5652,8 +5652,7 @@
}
-// This is a regression test for issue 1154.
-TEST(AccessControlObjectKeys) {
+TEST(AccessControlES5) {
v8::HandleScope handle_scope;
v8::Handle<v8::ObjectTemplate> global_template =
v8::ObjectTemplate::New();
@@ -5677,7 +5676,29 @@
v8::Handle<v8::Object> global1 = context1->Global();
global1->Set(v8_str("other"), global0);
+ // Regression test for issue 1154.
ExpectTrue("Object.keys(other).indexOf('blocked_prop') == -1");
+
+ ExpectUndefined("other.blocked_prop");
+
+ // Regression test for issue 1027.
+ CompileRun("Object.defineProperty(\n"
+ " other, 'blocked_prop', {configurable: false})");
+ ExpectUndefined("other.blocked_prop");
+ ExpectUndefined(
+ "Object.getOwnPropertyDescriptor(other, 'blocked_prop')");
+
+ // Regression test for issue 1171.
+ ExpectTrue("Object.isExtensible(other)");
+ CompileRun("Object.preventExtensions(other)");
+ ExpectTrue("Object.isExtensible(other)");
+
+ // Object.seal and Object.freeze.
+ CompileRun("Object.freeze(other)");
+ ExpectTrue("Object.isExtensible(other)");
+
+ CompileRun("Object.seal(other)");
+ ExpectTrue("Object.isExtensible(other)");
}
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
