Reviewers: verwaest1,
Message:
Please take a look.
Description:
Fall back to generic on access checks in JSON.stringify.
BUG=259366
Please review this at https://codereview.chromium.org/18225006/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/json-stringifier.h
M test/cctest/test-api.cc
Index: src/json-stringifier.h
diff --git a/src/json-stringifier.h b/src/json-stringifier.h
index
31aebd6ddbb2496e88a387bdcc21b389559f0403..6e414ccee0e02ed539fbee5040643275fbfdb315
100644
--- a/src/json-stringifier.h
+++ b/src/json-stringifier.h
@@ -434,6 +434,7 @@ BasicJsonStringifier::Result
BasicJsonStringifier::Serialize_(
return UNCHANGED;
}
case JS_ARRAY_TYPE:
+ if (object->IsAccessCheckNeeded()) break;
if (deferred_string_key) SerializeDeferredKey(comma, key);
return SerializeJSArray(Handle<JSArray>::cast(object));
case JS_VALUE_TYPE:
@@ -447,12 +448,13 @@ BasicJsonStringifier::Result
BasicJsonStringifier::Serialize_(
SerializeString(Handle<String>::cast(object));
return SUCCESS;
} else if (object->IsJSObject()) {
+ if (object->IsAccessCheckNeeded()) break;
if (deferred_string_key) SerializeDeferredKey(comma, key);
return SerializeJSObject(Handle<JSObject>::cast(object));
- } else {
- return SerializeGeneric(object, key, comma, deferred_string_key);
}
}
+
+ return SerializeGeneric(object, key, comma, deferred_string_key);
}
Index: test/cctest/test-api.cc
diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
index
406d4048a880a7bf8ce506f9a9319d9128930d17..8d9b32b05c889fbb14c562ac82705e7620e98134
100644
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -19715,4 +19715,76 @@ THREADED_TEST(SemaphoreInterruption) {
ThreadInterruptTest().RunTest();
}
+
+static bool NamedAccessAlwaysBlocked(Local<v8::Object> global,
+ Local<Value> name,
+ v8::AccessType type,
+ Local<Value> data) {
+ i::PrintF("Named access blocked.\n");
+ return false;
+}
+
+
+static bool IndexAccessAlwaysBlocked(Local<v8::Object> global,
+ uint32_t key,
+ v8::AccessType type,
+ Local<Value> data) {
+ i::PrintF("Indexed access blocked.\n");
+ return false;
+}
+
+
+void UnreachableCallback(const v8::FunctionCallbackInfo<v8::Value>& args) {
+ CHECK(false);
+}
+
+
+TEST(JSONStringifyAccessCheck) {
+ v8::V8::Initialize();
+ v8::HandleScope scope(v8::Isolate::GetCurrent());
+
+ // Create an ObjectTemplate for global objects and install access
+ // check callbacks that will block access.
+ v8::Handle<v8::ObjectTemplate> global_template =
v8::ObjectTemplate::New();
+ global_template->SetAccessCheckCallbacks(NamedAccessAlwaysBlocked,
+ IndexAccessAlwaysBlocked);
+
+ // Create a context and set an x property on it's global object.
+ LocalContext context0(NULL, global_template);
+ v8::Handle<v8::Object> global0 = context0->Global();
+ global0->Set(v8_str("x"), v8_num(42));
+ ExpectString("JSON.stringify(this)", "{\"x\":42}");
+
+ for (int i = 0; i < 2; i++) {
+ if (i == 1) {
+ // Install a toJSON function on the second run.
+ v8::Handle<v8::FunctionTemplate> toJSON =
+ v8::FunctionTemplate::New(UnreachableCallback);
+
+ global0->Set(v8_str("toJSON"), toJSON->GetFunction());
+ }
+ // Create a context with a different security token so that the
+ // failed access check callback will be called on each access.
+ LocalContext context1(NULL, global_template);
+ context1->Global()->Set(v8_str("other"), global0);
+
+ ExpectString("JSON.stringify(other)", "{}");
+ ExpectString("JSON.stringify({ 'a' : other, 'b' : ['c'] })",
+ "{\"a\":{},\"b\":[\"c\"]}");
+ ExpectString("JSON.stringify([other, 'b', 'c'])",
+ "[{},\"b\",\"c\"]");
+
+ v8::Handle<v8::Array> array = v8::Array::New(2);
+ array->Set(0, v8_str("a"));
+ array->Set(1, v8_str("b"));
+ context1->Global()->Set(v8_str("array"), array);
+ ExpectString("JSON.stringify(array)", "[\"a\",\"b\"]");
+ array->TurnOnAccessCheck();
+ ExpectString("JSON.stringify(array)", "[]");
+ ExpectString("JSON.stringify([array])", "[[]]");
+ ExpectString("JSON.stringify({'a' : array})", "{\"a\":[]}");
+ }
+}
+
+
#endif // WIN32
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
