Title: [205258] trunk
Revision: 205258
Author: [email protected]
Date: 2016-08-31 12:03:53 -0700 (Wed, 31 Aug 2016)

Log Message

Object.getPrototypeOf() should return null cross-origin
https://bugs.webkit.org/show_bug.cgi?id=161393

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Object.getPrototypeOf() should return null cross-origin:
- https://html.spec.whatwg.org/#windowproxy-getprototypeof
- https://html.spec.whatwg.org/#location-getprototypeof

Firefox and Chrome return null. However, WebKit was returning undefined.

* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):

LayoutTests:

Add layout test coverage.

* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (205257 => 205258)


--- trunk/LayoutTests/ChangeLog	2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/ChangeLog	2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,3 +1,15 @@
+2016-08-31  Chris Dumez  <[email protected]>
+
+        Object.getPrototypeOf() should return null cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=161393
+
+        Reviewed by Geoffrey Garen.
+
+        Add layout test coverage.
+
+        * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
+        * http/tests/security/cross-frame-access-object-getPrototypeOf.html:
+
 2016-08-31  Jiewen Tan  <[email protected]>
 
         Unreviewed, update iOS simulator WK1 flaky tests.

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (205257 => 205258)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,7 +1,9 @@
 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().
 
-PASS: Object.getPrototypeOf(targetWindow) should be 'undefined' and is.
+PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is.
+PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is.
 PASS targetWindow.history threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
 PASS: successfullyParsed should be 'true' and is.
 
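Review bot: The description on the unchanged line "This tests that you can't get the prototype of the window or history objects cross-origin" no longer matches what is checked, because the added PASS line covers targetWindow.location; update the description in the test's HTML so the expectation file names location as well. The added CONSOLE MESSAGE line is identical to the existing one, so this expectation cannot tell which of the two getPrototypeOf calls produced which message.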

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (205257 => 205258)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-08-31 19:03:53 UTC (rev 205258)
@@ -16,7 +16,8 @@
         {
             targetWindow = document.getElementById("target").contentWindow;
 
-            shouldBeUndefined("Object.getPrototypeOf(targetWindow)");
+            shouldBeNull("Object.getPrototypeOf(targetWindow)");
+            shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
             shouldThrowErrorName("targetWindow.history", "SecurityError");
 
             finishJSTest();
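Review bot: The two shouldBeNull() assertions pin the cross-origin result only for Object.getPrototypeOf(), on targetWindow and targetWindow.location; other ways of asking for an object's prototype are not asserted here, so a regression on those would not be caught by this test. Consider adding assertions for them next to these two lines, with whatever result the spec sections cited in the log message require.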

Modified: trunk/Source/JavaScriptCore/ChangeLog (205257 => 205258)


--- trunk/Source/_javascript_Core/ChangeLog	2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,3 +1,19 @@
+2016-08-31  Chris Dumez  <[email protected]>
+
+        Object.getPrototypeOf() should return null cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=161393
+
+        Reviewed by Geoffrey Garen.
+
+        Object.getPrototypeOf() should return null cross-origin:
+        - https://html.spec.whatwg.org/#windowproxy-getprototypeof
+        - https://html.spec.whatwg.org/#location-getprototypeof
+
+        Firefox and Chrome return null. However, WebKit was returning undefined.
+
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
+
 2016-08-31  Yusuke Suzuki  <[email protected]>
 
         [JSC] AbstractValue can contain padding which is not zero-filled

Modified: trunk/Source/JavaScriptCore/runtime/ObjectConstructor.cpp (205257 => 205258)


--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-08-31 19:03:53 UTC (rev 205258)
@@ -187,6 +187,8 @@
 
         if (m_object->allowsAccessFrom(visitor->callFrame()))
             m_result = m_object->getPrototype(m_exec->vm(), m_exec);
+        else
+            m_result = jsNull();
         return StackVisitor::Done;
     }
 
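Review bot: The new else branch that sets m_result = jsNull() carries no comment explaining why a denied cross-origin lookup yields null, so a later cleanup could easily drop it; add a one-line comment pointing at the WindowProxy and Location getPrototypeOf sections of the HTML spec that the log message cites. The branch also applies to every object for which allowsAccessFrom() fails, not only window and location, so it is worth confirming that null is the intended result for all of them.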