Revision: 21071
Author: [email protected]
Date: Wed Apr 30 07:36:12 2014 UTC
Log: Bugfix: internationalization routines fail on monkeypatching.
Calls to Object.defineProperty() and Object.apply() are not safe.
[email protected]
Review URL: https://codereview.chromium.org/253903003
http://code.google.com/p/v8/source/detail?r=21071
Added:
/branches/bleeding_edge/test/mjsunit/regress/regress-builtinbust-7.js
Modified:
/branches/bleeding_edge/src/i18n.js
=======================================
--- /dev/null
+++ /branches/bleeding_edge/test/mjsunit/regress/regress-builtinbust-7.js
Wed Apr 30 07:36:12 2014 UTC
@@ -0,0 +1,30 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+function overflow() {
+ return overflow() + 1;
+}
+Object.defineProperty = overflow;
+assertDoesNotThrow(function() { Intl.Collator.supportedLocalesOf("en"); });
+
+var date = new Date(Date.UTC(2004, 12, 25, 3, 0, 0));
+var options = {
+ weekday: "long",
+ year: "numeric",
+ month: "long",
+ day: "numeric"
+};
+
+Object.apply = overflow;
+assertDoesNotThrow(function() { date.toLocaleDateString("de-DE", options);
});
+
+var options_incomplete = {};
+assertDoesNotThrow(function() {
+ date.toLocaleDateString("de-DE", options_incomplete);
+});
+assertTrue(options_incomplete.hasOwnProperty("year"));
+
+assertDoesNotThrow(function() { date.toLocaleDateString("de-DE",
undefined); });
+assertDoesNotThrow(function() { date.toLocaleDateString("de-DE"); });
+assertThrows(function() { date.toLocaleDateString("de-DE", null); },
TypeError);
=======================================
--- /branches/bleeding_edge/src/i18n.js Tue Apr 29 06:42:26 2014 UTC
+++ /branches/bleeding_edge/src/i18n.js Wed Apr 30 07:36:12 2014 UTC
@@ -258,7 +258,7 @@
%FunctionRemovePrototype(getter);
%SetNativeFlag(getter);
- $Object.defineProperty(obj.prototype, methodName, {
+ ObjectDefineProperty(obj.prototype, methodName, {
get: getter,
enumerable: false,
configurable: true
@@ -593,15 +593,14 @@
*/
function freezeArray(array) {
array.forEach(function(element, index) {
- $Object.defineProperty(array, index, {value: element,
+ ObjectDefineProperty(array, index, {value: element,
configurable: false,
writable: false,
enumerable: true});
});
- $Object.defineProperty(array, 'length', {value: array.length,
- writable: false});
-
+ ObjectDefineProperty(array, 'length', {value: array.length,
+ writable: false});
return array;
}
@@ -662,8 +661,8 @@
* Configurable is false by default.
*/
function defineWEProperty(object, property, value) {
- $Object.defineProperty(object, property,
- {value: value, writable: true, enumerable: true});
+ ObjectDefineProperty(object, property,
+ {value: value, writable: true, enumerable: true});
}
@@ -682,11 +681,11 @@
* Defines a property and sets writable, enumerable and configurable to
true.
*/
function defineWECProperty(object, property, value) {
- $Object.defineProperty(object, property,
- {value: value,
- writable: true,
- enumerable: true,
- configurable: true});
+ ObjectDefineProperty(object, property,
+ {value: value,
+ writable: true,
+ enumerable: true,
+ configurable: true});
}
@@ -925,8 +924,8 @@
// We define all properties C++ code may produce, to prevent security
// problems. If malicious user decides to redefine
Object.prototype.locale
// we can't just use plain x.locale = 'us' or in C++ Set("locale", "us").
- // Object.defineProperties will either succeed defining or throw an
error.
- var resolved = $Object.defineProperties({}, {
+ // ObjectDefineProperties will either succeed defining or throw an error.
+ var resolved = ObjectDefineProperties({}, {
caseFirst: {writable: true},
collation: {value: internalOptions.collation, writable: true},
ignorePunctuation: {writable: true},
@@ -944,7 +943,7 @@
// Writable, configurable and enumerable are set to false by default.
%MarkAsInitializedIntlObjectOfType(collator, 'collator',
internalCollator);
- $Object.defineProperty(collator, 'resolved', {value: resolved});
+ ObjectDefineProperty(collator, 'resolved', {value: resolved});
return collator;
}
@@ -1141,7 +1140,7 @@
getOption, internalOptions);
var requestedLocale = locale.locale + extension;
- var resolved = $Object.defineProperties({}, {
+ var resolved = ObjectDefineProperties({}, {
currency: {writable: true},
currencyDisplay: {writable: true},
locale: {writable: true},
@@ -1166,12 +1165,12 @@
// We can't get information about number or currency style from ICU, so
we
// assume user request was fulfilled.
if (internalOptions.style === 'currency') {
- $Object.defineProperty(resolved, 'currencyDisplay', {value:
currencyDisplay,
- writable: true});
+ ObjectDefineProperty(resolved, 'currencyDisplay', {value:
currencyDisplay,
+ writable: true});
}
%MarkAsInitializedIntlObjectOfType(numberFormat, 'numberformat',
formatter);
- $Object.defineProperty(numberFormat, 'resolved', {value: resolved});
+ ObjectDefineProperty(numberFormat, 'resolved', {value: resolved});
return numberFormat;
}
@@ -1443,12 +1442,10 @@
*/
function toDateTimeOptions(options, required, defaults) {
if (options === undefined) {
- options = null;
+ options = {};
} else {
- options = toObject(options);
+ options = TO_OBJECT_INLINE(options);
}
-
- options = $Object.apply(this, [options]);
var needsDefault = true;
if ((required === 'date' || required === 'any') &&
@@ -1464,30 +1461,30 @@
}
if (needsDefault && (defaults === 'date' || defaults === 'all')) {
- $Object.defineProperty(options, 'year', {value: 'numeric',
- writable: true,
- enumerable: true,
- configurable: true});
- $Object.defineProperty(options, 'month', {value: 'numeric',
- writable: true,
- enumerable: true,
- configurable: true});
- $Object.defineProperty(options, 'day', {value: 'numeric',
+ ObjectDefineProperty(options, 'year', {value: 'numeric',
+ writable: true,
+ enumerable: true,
+ configurable: true});
+ ObjectDefineProperty(options, 'month', {value: 'numeric',
writable: true,
enumerable: true,
configurable: true});
+ ObjectDefineProperty(options, 'day', {value: 'numeric',
+ writable: true,
+ enumerable: true,
+ configurable: true});
}
if (needsDefault && (defaults === 'time' || defaults === 'all')) {
- $Object.defineProperty(options, 'hour', {value: 'numeric',
+ ObjectDefineProperty(options, 'hour', {value: 'numeric',
writable: true,
enumerable: true,
configurable: true});
- $Object.defineProperty(options, 'minute', {value: 'numeric',
+ ObjectDefineProperty(options, 'minute', {value: 'numeric',
writable: true,
enumerable: true,
configurable: true});
- $Object.defineProperty(options, 'second', {value: 'numeric',
+ ObjectDefineProperty(options, 'second', {value: 'numeric',
writable: true,
enumerable: true,
configurable: true});
@@ -1538,7 +1535,7 @@
getOption, internalOptions);
var requestedLocale = locale.locale + extension;
- var resolved = $Object.defineProperties({}, {
+ var resolved = ObjectDefineProperties({}, {
calendar: {writable: true},
day: {writable: true},
era: {writable: true},
@@ -1566,7 +1563,7 @@
}
%MarkAsInitializedIntlObjectOfType(dateFormat, 'dateformat', formatter);
- $Object.defineProperty(dateFormat, 'resolved', {value: resolved});
+ ObjectDefineProperty(dateFormat, 'resolved', {value: resolved});
return dateFormat;
}
@@ -1760,7 +1757,7 @@
'type', 'string', ['character', 'word', 'sentence', 'line'], 'word'));
var locale = resolveLocale('breakiterator', locales, options);
- var resolved = $Object.defineProperties({}, {
+ var resolved = ObjectDefineProperties({}, {
requestedLocale: {value: locale.locale, writable: true},
type: {value: internalOptions.type, writable: true},
locale: {writable: true}
@@ -1772,7 +1769,7 @@
%MarkAsInitializedIntlObjectOfType(iterator, 'breakiterator',
internalIterator);
- $Object.defineProperty(iterator, 'resolved', {value: resolved});
+ ObjectDefineProperty(iterator, 'resolved', {value: resolved});
return iterator;
}
@@ -1938,7 +1935,7 @@
* Compares this and that, and returns less than 0, 0 or greater than 0
value.
* Overrides the built-in method.
*/
-$Object.defineProperty($String.prototype, 'localeCompare', {
+ObjectDefineProperty($String.prototype, 'localeCompare', {
value: function(that) {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
@@ -1969,7 +1966,7 @@
* If the form is not one of "NFC", "NFD", "NFKC", or "NFKD", then throw
* a RangeError Exception.
*/
-$Object.defineProperty($String.prototype, 'normalize', {
+ObjectDefineProperty($String.prototype, 'normalize', {
value: function(that) {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
@@ -2000,7 +1997,7 @@
* Formats a Number object (this) using locale and options values.
* If locale or options are omitted, defaults are used.
*/
-$Object.defineProperty($Number.prototype, 'toLocaleString', {
+ObjectDefineProperty($Number.prototype, 'toLocaleString', {
value: function() {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
@@ -2050,7 +2047,7 @@
* If locale or options are omitted, defaults are used - both date and
time are
* present in the output.
*/
-$Object.defineProperty($Date.prototype, 'toLocaleString', {
+ObjectDefineProperty($Date.prototype, 'toLocaleString', {
value: function() {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
@@ -2075,7 +2072,7 @@
* If locale or options are omitted, defaults are used - only date is
present
* in the output.
*/
-$Object.defineProperty($Date.prototype, 'toLocaleDateString', {
+ObjectDefineProperty($Date.prototype, 'toLocaleDateString', {
value: function() {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
@@ -2100,7 +2097,7 @@
* If locale or options are omitted, defaults are used - only time is
present
* in the output.
*/
-$Object.defineProperty($Date.prototype, 'toLocaleTimeString', {
+ObjectDefineProperty($Date.prototype, 'toLocaleTimeString', {
value: function() {
if (%_IsConstructCall()) {
throw new $TypeError(ORDINARY_FUNCTION_CALLED_AS_CONSTRUCTOR);
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
