http://codereview.chromium.org/7701023/diff/1/src/runtime.cc
File src/runtime.cc (right):

http://codereview.chromium.org/7701023/diff/1/src/runtime.cc#newcode687
src/runtime.cc:687: if (obj->IsJSGlobalProxy()) {
You shouldn't restrict this to global proxies. Any object can require access checks. When navigating a page the proxy is detached and access checks are enabled on the actual global object instead (the actual global becomes its own proxy).

http://codereview.chromium.org/7701023/diff/1/src/runtime.cc#newcode699
src/runtime.cc:699: obj = obj->GetPrototype();
Since access checks can be enabled on any JSObject I guess the access check should actually be moved in here?

http://codereview.chromium.org/7701023/

--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
