Title: [205258] trunk
- Revision: 205258
- Author: [email protected]
- Date: 2016-08-31 12:03:53 -0700 (Wed, 31 Aug 2016)
Log Message
Object.getPrototypeOf() should return null cross-origin
https://bugs.webkit.org/show_bug.cgi?id=161393
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
Object.getPrototypeOf() should return null cross-origin:
- https://html.spec.whatwg.org/#windowproxy-getprototypeof
- https://html.spec.whatwg.org/#location-getprototypeof
Firefox and Chrome return null. However, WebKit was returning undefined.
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
LayoutTests:
Add layout test coverage.
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:
Diff
Modified: trunk/LayoutTests/ChangeLog (205257 => 205258)
--- trunk/LayoutTests/ChangeLog 2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/ChangeLog 2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,3 +1,15 @@
+2016-08-31 Chris Dumez <[email protected]>
+
+ Object.getPrototypeOf() should return null cross-origin
+ https://bugs.webkit.org/show_bug.cgi?id=161393
+
+ Reviewed by Geoffrey Garen.
+
+ Add layout test coverage.
+
+ * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
+ * http/tests/security/cross-frame-access-object-getPrototypeOf.html:
+
2016-08-31 Jiewen Tan <[email protected]>
Unreviewed, update iOS simulator WK1 flaky tests.
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (205257 => 205258)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt 2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt 2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,7 +1,9 @@
CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().
-PASS: Object.getPrototypeOf(targetWindow) should be 'undefined' and is.
+PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is.
+PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is.
PASS targetWindow.history threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS: successfullyParsed should be 'true' and is.
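Review bot: The description line kept as context in this hunk still reads "window or history objects", but the added PASS line now also covers targetWindow.location, so the test description should be updated to name Location and this expectation regenerated. The second CONSOLE MESSAGE line is identical to the first, so the expectation cannot show which access logged it; a short comment in the test stating which access produces each message would help future rebaselines.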
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (205257 => 205258)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html 2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html 2016-08-31 19:03:53 UTC (rev 205258)
@@ -16,7 +16,8 @@
{
targetWindow = document.getElementById("target").contentWindow;
- shouldBeUndefined("Object.getPrototypeOf(targetWindow)");
+ shouldBeNull("Object.getPrototypeOf(targetWindow)");
+ shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
shouldThrowErrorName("targetWindow.history", "SecurityError");
finishJSTest();
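Review bot: Both shouldBeNull() assertions in this hunk exercise only the blocked, cross-origin case, so a regression that made Object.getPrototypeOf() return null for every Window or Location would still pass here. Consider pairing them with a same-origin frame where the result is expected to be non-null. Since the spec sections linked in the log message define the [[GetPrototypeOf]] internal method rather than this one function, it is also worth checking whether other callers of it, such as Reflect.getPrototypeOf(targetWindow), are covered by a test.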
Modified: trunk/Source/_javascript_Core/ChangeLog (205257 => 205258)
--- trunk/Source/_javascript_Core/ChangeLog 2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-08-31 19:03:53 UTC (rev 205258)
@@ -1,3 +1,19 @@
+2016-08-31 Chris Dumez <[email protected]>
+
+ Object.getPrototypeOf() should return null cross-origin
+ https://bugs.webkit.org/show_bug.cgi?id=161393
+
+ Reviewed by Geoffrey Garen.
+
+ Object.getPrototypeOf() should return null cross-origin:
+ - https://html.spec.whatwg.org/#windowproxy-getprototypeof
+ - https://html.spec.whatwg.org/#location-getprototypeof
+
+ Firefox and Chrome return null. However, WebKit was returning undefined.
+
+ * runtime/ObjectConstructor.cpp:
+ (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
+
2016-08-31 Yusuke Suzuki <[email protected]>
[JSC] AbstractValue can contain padding which is not zero-filled
Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp (205257 => 205258)
--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2016-08-31 18:36:46 UTC (rev 205257)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp 2016-08-31 19:03:53 UTC (rev 205258)
@@ -187,6 +187,8 @@
if (m_object->allowsAccessFrom(visitor->callFrame()))
m_result = m_object->getPrototype(m_exec->vm(), m_exec);
+ else
+ m_result = jsNull();
return StackVisitor::Done;
}
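Review bot: The added else branch after the allowsAccessFrom() check assigns jsNull() with no comment, and nothing at this site says why a denied access yields null rather than the undefined that the log message says was returned before. A one-line comment pointing at the WindowProxy and Location [[GetPrototypeOf]] sections of the HTML spec would keep the branch from being removed as redundant later. Because the denied path is now an explicit cross-origin decision, please also confirm that any other place that reads a prototype on behalf of script applies the same allowsAccessFrom() check instead of relying on this functor alone.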