Reviewers: rossberg, dcarney, Toon Verwaest,
Description:
Re-enable Object.observe and add enforcement for security invariants.
This patch reverts r21062 which disabled Object.observe and the relevant
tests.
It also adds enforcement for the following three invariants:
1) No observer may receive a change record describing changes to an object
which
is in different security origin (context have differing security tokens)
2) No observer may receive a change record whose context's security token is
different from that of the object described by the change.
3) Object.getNotifier will return null if the call and the provided object
are
in differing security origins
Tests are included.
R=rossberg
BUG=367817
LOG=Y
Please review this at https://codereview.chromium.org/265503002/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+346, -277 lines):
M src/api.cc
M src/object-observe.js
M src/objects.h
M src/objects.cc
M src/runtime.h
M src/runtime.cc
M test/cctest/cctest.status
M test/cctest/test-object-observe.cc
M test/mjsunit/mjsunit.status
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
