Title: [205372] trunk
Revision: 205372
Author: [email protected]
Date: 2016-09-02 14:41:58 -0700 (Fri, 02 Sep 2016)

Log Message

Unreviewed, roll out r205354 because it caused JSC test failures

Source/JavaScriptCore:

* jsc.cpp:
* runtime/JSGlobalObject.cpp:
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::allowsAccessFrom):
(JSC::JSGlobalObject::setDebugger): Deleted.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
(JSC::GlobalFuncProtoGetterFunctor::result):
(JSC::GlobalFuncProtoGetterFunctor::operator()):
(JSC::globalFuncProtoGetter):
(JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor):
(JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
(JSC::GlobalFuncProtoSetterFunctor::operator()):
(JSC::checkProtoSetterAccessAllowed):
(JSC::globalFuncProtoSetter):
* runtime/JSGlobalObjectFunctions.h:
* runtime/JSObject.cpp:
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::allowsAccessFrom):
* runtime/JSObject.h:
* runtime/JSProxy.cpp:
* runtime/JSProxy.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
(JSC::ObjectConstructorGetPrototypeOfFunctor::result):
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
(JSC::objectConstructorGetPrototypeOf):
(JSC::objectConstructorSetPrototypeOf):
* runtime/ObjectConstructor.h:
* runtime/ReflectObject.cpp:
(JSC::reflectObjectGetPrototypeOf):
(JSC::reflectObjectSetPrototypeOf):

Source/WebCore:

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::shouldAllowAccessFrom):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::preventExtensions): Deleted.
(WebCore::JSDOMWindow::setLocation): Deleted.
* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::preventExtensions): Deleted.
(WebCore::JSLocationPrototype::putDelegate): Deleted.
(WebCore::JSLocationPrototype::defineOwnProperty): Deleted.
* bindings/js/JSWorkerGlobalScopeBase.cpp:
(WebCore::JSWorkerGlobalScopeBase::allowsAccessFrom):
* bindings/js/JSWorkerGlobalScopeBase.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
* bindings/scripts/IDLAttributes.txt:
* page/DOMWindow.idl:
* page/Location.idl:

LayoutTests:

* fast/dom/Window/script-tests/window-custom-prototype.js: Added.
* fast/dom/Window/window-custom-prototype-crash-expected.txt:
* fast/dom/Window/window-custom-prototype-expected.txt: Added.
* fast/dom/Window/window-custom-prototype.html: Added.
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:
* http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-setPrototypeOf.html:
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html:
* http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-method-with-iframe-proto.html:
* http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html:
* http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html:
* js/dom/setPrototypeOf-location-window-expected.txt: Removed.
* js/dom/setPrototypeOf-location-window.html: Removed.
* js/object-literal-shorthand-construction-expected.txt:
* js/script-tests/object-literal-shorthand-construction.js:
* js/script-tests/sloppy-getter-setter-global-object.js:
* js/sloppy-getter-setter-global-object-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (205371 => 205372)


--- trunk/LayoutTests/ChangeLog	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/ChangeLog	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,3 +1,30 @@
+2016-09-02  Chris Dumez  <[email protected]>
+
+        Unreviewed, roll out r205354 because it caused JSC test failures
+
+        * fast/dom/Window/script-tests/window-custom-prototype.js: Added.
+        * fast/dom/Window/window-custom-prototype-crash-expected.txt:
+        * fast/dom/Window/window-custom-prototype-expected.txt: Added.
+        * fast/dom/Window/window-custom-prototype.html: Added.
+        * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
+        * http/tests/security/cross-frame-access-object-getPrototypeOf.html:
+        * http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
+        * http/tests/security/cross-frame-access-object-setPrototypeOf.html:
+        * http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt:
+        * http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html:
+        * http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
+        * http/tests/security/xss-DENIED-method-with-iframe-proto.html:
+        * http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt:
+        * http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html:
+        * http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt:
+        * http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html:
+        * js/dom/setPrototypeOf-location-window-expected.txt: Removed.
+        * js/dom/setPrototypeOf-location-window.html: Removed.
+        * js/object-literal-shorthand-construction-expected.txt:
+        * js/script-tests/object-literal-shorthand-construction.js:
+        * js/script-tests/sloppy-getter-setter-global-object.js:
+        * js/sloppy-getter-setter-global-object-expected.txt:
+
 2016-09-02  Ryan Haddad  <[email protected]>
 
         Rebaseline fast/mediastream/MediaStreamTrack-getSettings.html after r205348.

Added: trunk/LayoutTests/fast/dom/Window/script-tests/window-custom-prototype.js (0 => 205372)


--- trunk/LayoutTests/fast/dom/Window/script-tests/window-custom-prototype.js	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/script-tests/window-custom-prototype.js	2016-09-02 21:41:58 UTC (rev 205372)
@@ -0,0 +1,18 @@
+description("Test what happens when you set the window's prototype to various values.");
+
+var originalWindowPrototype = __proto__;
+var chainPointingBackToWindow = { __proto__: window };
+var anotherObject = { };
+
+shouldThrow("__proto__ = window; __proto", "'TypeError: cyclic __proto__ value'");
+shouldThrow("__proto__ = chainPointingBackToWindow; __proto__", "'TypeError: cyclic __proto__ value'");
+shouldBe("__proto__ = 1; __proto__", "originalWindowPrototype");
+shouldBe("__proto__ = 'a string'; __proto__", "originalWindowPrototype");
+shouldBe("__proto__ = anotherObject; __proto__", "anotherObject");
+shouldThrow("anotherObject.__proto__ = window; __proto__", "'TypeError: cyclic __proto__ value'");
+shouldBe("__proto__ = 1; __proto__", "anotherObject");
+shouldBe("__proto__ = 'a string'; __proto__", "anotherObject");
+shouldBe("__proto__ = anotherObject; __proto__", "anotherObject");
+shouldBe("__proto__ = originalWindowPrototype; __proto__", "originalWindowPrototype");
+shouldBe("anotherObject.__proto__ = window; anotherObject.__proto__", "window");
+shouldBe("__proto__ = null; __proto__", "null");
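
Review bot: the first shouldThrow in this new file evaluates `__proto__ = window; __proto`, with the trailing underscores missing from the second identifier. The test still passes because the assignment throws before `__proto` is read, but the expression should read `__proto__ = window; __proto__` like the ones after it, and the matching PASS line in window-custom-prototype-expected.txt has to be updated with it.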

Modified: trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt (205371 => 205372)


--- trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,2 +1 @@
-CONSOLE MESSAGE: line 7: TypeError: Cannot set prototype of this object
 If this did not crash the test has succeeded.

Added: trunk/LayoutTests/fast/dom/Window/window-custom-prototype-expected.txt (0 => 205372)


--- trunk/LayoutTests/fast/dom/Window/window-custom-prototype-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/window-custom-prototype-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -0,0 +1,21 @@
+Test what happens when you set the window's prototype to various values.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS __proto__ = window; __proto threw exception TypeError: cyclic __proto__ value.
+PASS __proto__ = chainPointingBackToWindow; __proto__ threw exception TypeError: cyclic __proto__ value.
+PASS __proto__ = 1; __proto__ is originalWindowPrototype
+PASS __proto__ = 'a string'; __proto__ is originalWindowPrototype
+PASS __proto__ = anotherObject; __proto__ is anotherObject
+PASS anotherObject.__proto__ = window; __proto__ threw exception TypeError: cyclic __proto__ value.
+PASS __proto__ = 1; __proto__ is anotherObject
+PASS __proto__ = 'a string'; __proto__ is anotherObject
+PASS __proto__ = anotherObject; __proto__ is anotherObject
+PASS __proto__ = originalWindowPrototype; __proto__ is originalWindowPrototype
+PASS anotherObject.__proto__ = window; anotherObject.__proto__ is window
+PASS __proto__ = null; __proto__ is null
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/dom/Window/window-custom-prototype.html (0 => 205372)


--- trunk/LayoutTests/fast/dom/Window/window-custom-prototype.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/window-custom-prototype.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,9 +1,9 @@
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().
 
 PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is.
 PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is.
-PASS: protoGetter.call(targetWindow) should be 'null' and is.
-PASS: protoGetter.call(targetWindow.location) should be 'null' and is.
 PASS targetWindow.history threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
 PASS: successfullyParsed should be 'true' and is.
 

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -18,10 +18,6 @@
 
             shouldBeNull("Object.getPrototypeOf(targetWindow)");
             shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
-            protoGetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get;
-            shouldBeNull("protoGetter.call(targetWindow)");
-            shouldBeNull("protoGetter.call(targetWindow.location)");
-
             shouldThrowErrorName("targetWindow.history", "SecurityError");
 
             finishJSTest();
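
Review bot: dropping the three `protoGetter` lines leaves the cross-origin case covered only through Object.getPrototypeOf(); the getter taken from the `__proto__` descriptor on Object.prototype is a separate entry point (globalFuncProtoGetter in the file list above) and is no longer exercised against targetWindow or targetWindow.location. If these assertions fail without r205354, keep them in a separate test marked as an expected failure so the gap stays visible until the change re-lands.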

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This tests that you can't set the prototype of the window or location objects cross-origin using Object.setPrototypeOf()
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
@@ -4,17 +6,11 @@
 
 
 PASS: targetWindow instanceof Array should be 'false' and is.
-PASS Object.setPrototypeOf(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
+PASS Object.setPrototypeOf(targetWindow, Array.prototype) threw exception TypeError: Permission denied.
 PASS: targetWindow instanceof Array should be 'false' and is.
 PASS: targetWindow.location instanceof Array should be 'false' and is.
-PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
+PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Permission denied.
 PASS: targetWindow.location instanceof Array should be 'false' and is.
-PASS: targetWindow instanceof Array should be 'false' and is.
-PASS protoSetter.call(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS: targetWindow instanceof Array should be 'false' and is.
-PASS: targetWindow.location instanceof Array should be 'false' and is.
-PASS protoSetter.call(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS: targetWindow.location instanceof Array should be 'false' and is.
 PASS: successfullyParsed should be 'true' and is.
 
 TEST COMPLETE
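
Review bot: the six PASS lines removed in the second hunk were the only record that the `__proto__` setter taken from Object.prototype is refused on a cross-origin window and location; after this change only Object.setPrototypeOf() is checked, with the message back to 'Permission denied'. If `protoSetter.call(targetWindow, Array.prototype)` also throws on the rolled-back code, keep those cases with the old message; if it does not, record that in a tracked expected failure, since the setter is the path that mutates the other frame's object.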

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -24,15 +24,6 @@
             shouldThrowErrorName("Object.setPrototypeOf(targetWindow.location, Array.prototype)", "TypeError");
             shouldBeFalse("targetWindow.location instanceof Array");
 
-            protoSetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').set;
-            shouldBeFalse("targetWindow instanceof Array");
-            shouldThrowErrorName("protoSetter.call(targetWindow, Array.prototype)", "TypeError");
-            shouldBeFalse("targetWindow instanceof Array");
-
-            shouldBeFalse("targetWindow.location instanceof Array");
-            shouldThrowErrorName("protoSetter.call(targetWindow.location, Array.prototype)", "TypeError");
-            shouldBeFalse("targetWindow.location instanceof Array");
-
             finishJSTest();
         }
     </script>

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -4,7 +4,6 @@
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
 
-PASS __proto__ = targetWindow threw exception TypeError: Cannot set prototype of this object.
 PASS targetWindow.myinput threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
 PASS: successfullyParsed should be 'true' and is.
 

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -14,7 +14,7 @@
 targetWindow = frames[0];
 
 window._onload_ = function() {
-  shouldThrowErrorName("__proto__ = targetWindow", "TypeError");
+  __proto__ = targetWindow;
   shouldThrowErrorName('targetWindow.myinput', 'SecurityError');
   finishJSTest();
 }
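
Review bot: in the onload handler, `__proto__ = targetWindow;` is now a bare statement, so the test no longer states whether the cross-origin assignment is expected to succeed or to throw. Wrap it in shouldNotThrow, or add a comment giving the expected outcome, so that a later change in behaviour produces a FAIL line instead of quietly skipping the SecurityError check and finishJSTest().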

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,14 +1,6 @@
-CONSOLE MESSAGE: line 36: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 43: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 50: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 40: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 47: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 54: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 
 Tests that making other frame window a prototype doesn't expose that window methods
 
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS __proto__ = targetWindow threw exception TypeError: Cannot set prototype of this object.
-PASS: successfullyParsed should be 'true' and is.
-
-TEST COMPLETE
-

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,6 +1,5 @@
 <html>
 <head>
-<script src=""
 <script src=""
 </head>
 <body>
@@ -7,9 +6,13 @@
 <iframe src="" style=""></iframe>
 <pre id="console"></pre>
 <script>
-description("Tests that making other frame window a prototype doesn't expose that window methods");
-jsTestIsAsync = true;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
 
+log("Tests that making other frame window a prototype doesn't expose that window methods");
+
 targetWindow = frames[0];
 
 wasInvoked = false;
@@ -20,13 +23,14 @@
 
 function check() {
   shouldBeFalse('this.wasInvoked');
-  finishJSTest();
+  if (window.testRunner)
+      testRunner.notifyDone();
 }
 
 window._onload_ = function() {
   originalSetTimeout = setTimeout;
 
-  shouldThrowErrorName("__proto__ = targetWindow", "TypeError");
+  __proto__ = targetWindow;
 
   var needsCheck = false;
   try {
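
Review bot: `__proto__ = targetWindow;` sits just above the `try` block rather than inside it, and this file now finishes only through testRunner.notifyDone(). If the assignment throws, neither check() nor the else branch at the end of the handler runs and the test ends as a timeout; move the assignment into the `try` that follows so that path still reaches notifyDone().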
@@ -53,10 +57,10 @@
   if (needsCheck) {
     originalSetTimeout(check, 10);
   } else {
-    finishJSTest();
+    if (window.testRunner)
+      testRunner.notifyDone();
   }
 }
 </script>
-<script src=""
 </body>
 </html>

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,13 +1,5 @@
 
 Tests that making other frame window a prototype doesn't expose that window properties
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS __proto__ = targetWindow threw exception TypeError: Cannot set prototype of this object.
 PASS: location === originalLocation should be 'true' and is.
 PASS: this.location === originalLocation should be 'true' and is.
-PASS: successfullyParsed should be 'true' and is.
 
-TEST COMPLETE
-

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,6 +1,5 @@
 <html>
 <head>
-<script src=""
 <script src=""
 </head>
 <body>
@@ -7,21 +6,21 @@
 <iframe src="" style=""></iframe>
 <pre id="console"></pre>
 <script>
-description("Tests that making other frame window a prototype doesn't expose that window properties");
-jsTestIsAsync = true;
+if (window.testRunner)
+    testRunner.dumpAsText();
 
+log("Tests that making other frame window a prototype doesn't expose that window properties");
+
 targetWindow = frames[0];
 
 window._onload_ = function() {
   originalLocation = location;
 
-  shouldThrowErrorName("__proto__ = targetWindow", "TypeError");
+  __proto__ = targetWindow;
 
   shouldBeTrue('location === originalLocation');
   shouldBeTrue('this.location === originalLocation');
-  finishJSTest();
 }
 </script>
-<script src=""
 </body>
 </html>

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,13 +1,5 @@
 
 Tests that making other frame window a prototype doesn't expose that window properties
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS __proto__ = targetWindow threw exception TypeError: Cannot set prototype of this object.
 PASS: innerHeight === originalInnerHeight should be 'true' and is.
 PASS: this.innerHeight === originalInnerHeight should be 'true' and is.
-PASS: successfullyParsed should be 'true' and is.
 
-TEST COMPLETE
-

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html (205371 => 205372)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,6 +1,5 @@
 <html>
 <head>
-<script src=""
 <script src=""
 </head>
 <body>
@@ -7,21 +6,21 @@
 <iframe src="" style=""></iframe>
 <pre id="console"></pre>
 <script>
-description("Tests that making other frame window a prototype doesn't expose that window properties");
-jsTestIsAsync = true;
+if (window.testRunner)
+    testRunner.dumpAsText();
 
+log("Tests that making other frame window a prototype doesn't expose that window properties");
+
 targetWindow = frames[0];
 
 window._onload_ = function() {
   originalInnerHeight = innerHeight;
 
-  shouldThrowErrorName("__proto__ = targetWindow", "TypeError");
+  __proto__ = targetWindow;
 
   shouldBeTrue('innerHeight === originalInnerHeight');
   shouldBeTrue('this.innerHeight === originalInnerHeight');
-  finishJSTest();
 }
 </script>
-<script src=""
 </body>
 </html>

Deleted: trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt (205371 => 205372)


--- trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,21 +0,0 @@
-Test that it is not possible to set the prototype of Window or Location.
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS Object.getPrototypeOf(window) is Window.prototype
-PASS Object.setPrototypeOf(window, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS Object.getPrototypeOf(window) is Window.prototype
-PASS Object.getPrototypeOf(window) is Window.prototype
-PASS protoSetter.call(window, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS Object.getPrototypeOf(window) is Window.prototype
-PASS Object.getPrototypeOf(window.location) is Location.prototype
-PASS Object.setPrototypeOf(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS Object.getPrototypeOf(window.location) is Location.prototype
-PASS Object.getPrototypeOf(window.location) is Location.prototype
-PASS protoSetter.call(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
-PASS Object.getPrototypeOf(window.location) is Location.prototype
-PASS successfullyParsed is true
-
-TEST COMPLETE
-

Deleted: trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html (205371 => 205372)


--- trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,28 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script src=""
-<script>
-description("Test that it is not possible to set the prototype of Window or Location.");
-
-var protoSetter = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').set;
-
-shouldBe("Object.getPrototypeOf(window)", "Window.prototype");
-shouldThrowErrorName("Object.setPrototypeOf(window, Node.prototype)", "TypeError");
-shouldBe("Object.getPrototypeOf(window)", "Window.prototype");
-
-shouldBe("Object.getPrototypeOf(window)", "Window.prototype");
-shouldThrowErrorName("protoSetter.call(window, Node.prototype)", "TypeError");
-shouldBe("Object.getPrototypeOf(window)", "Window.prototype");
-
-shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
-shouldThrowErrorName("Object.setPrototypeOf(window.location, Node.prototype)", "TypeError");
-shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
-
-shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
-shouldThrowErrorName("protoSetter.call(window.location, Node.prototype)", "TypeError");
-shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
-</script>
-<script src=""
-</body>
-</script>
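
Review bot: the last removed line closes the document with `</script>` where `</html>` belongs, right after `</body>`. Nothing to change in a deletion, but correct the tag when this test comes back with the re-landed r205354. With this file gone, the rollout also removes the assertions that Object.setPrototypeOf() and the `__proto__` setter are refused on the same-origin window and window.location, so note that in the bug tracking the re-land.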

Modified: trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt (205371 => 205372)


--- trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -61,7 +61,9 @@
 PASS !!Object.getOwnPropertyDescriptor({set x(value){}}, 'x').set is true
 PASS !!Object.getOwnPropertyDescriptor({set 'x'(value){}}, 'x').set is true
 PASS !!Object.getOwnPropertyDescriptor({set 42(value){}}, '42').set is true
-PASS __proto__ = [] threw exception TypeError: Cannot set prototype of this object.
+PASS __proto__ = []; ({__proto__: __proto__}) instanceof Array is true
+PASS __proto__ = []; ({__proto__}) instanceof Array is false
+PASS __proto__ = []; ({__proto__}).__proto__ instanceof Array is true
 PASS successfullyParsed is true
 
 TEST COMPLETE

Modified: trunk/LayoutTests/js/script-tests/object-literal-shorthand-construction.js (205371 => 205372)


--- trunk/LayoutTests/js/script-tests/object-literal-shorthand-construction.js	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/script-tests/object-literal-shorthand-construction.js	2016-09-02 21:41:58 UTC (rev 205372)
@@ -109,4 +109,7 @@
 shouldBeTrue("!!Object.getOwnPropertyDescriptor({set 'x'(value){}}, 'x').set");
 shouldBeTrue("!!Object.getOwnPropertyDescriptor({set 42(value){}}, '42').set");
 
-shouldThrowErrorName("__proto__ = []", "TypeError");
+// __proto__ shorthand should be not modify the prototype.
+shouldBeTrue("__proto__ = []; ({__proto__: __proto__}) instanceof Array");
+shouldBeFalse("__proto__ = []; ({__proto__}) instanceof Array");
+shouldBeTrue("__proto__ = []; ({__proto__}).__proto__ instanceof Array");
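
Review bot: the added comment reads "__proto__ shorthand should be not modify the prototype"; make it "should not modify". Each of the three expressions also reassigns the global object's prototype to a new array and never restores it, which is safe only while nothing follows them in the file; save the original prototype before the first one and put it back after the last.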

Modified: trunk/LayoutTests/js/script-tests/sloppy-getter-setter-global-object.js (205371 => 205372)


--- trunk/LayoutTests/js/script-tests/sloppy-getter-setter-global-object.js	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/script-tests/sloppy-getter-setter-global-object.js	2016-09-02 21:41:58 UTC (rev 205372)
@@ -33,4 +33,4 @@
 shouldNotThrow("top_level_sloppy_getter();");
 
 var top_level_sloppy_setter = Object.getOwnPropertyDescriptor(Object.prototype,'__proto__').set;
-shouldThrowErrorName("top_level_sloppy_setter(['foo']);", "TypeError");
+shouldNotThrow("top_level_sloppy_setter(['foo']);");
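
Review bot: `shouldNotThrow("top_level_sloppy_setter(['foo']);")` checks only that the call returns. The setter was extracted from Object.prototype and is called without a receiver, so add an assertion on the global object's prototype after the call, for example a shouldBeTrue on an Object.getPrototypeOf(this) comparison, so the test pins the resulting behaviour and not just the absence of an exception.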

Modified: trunk/LayoutTests/js/sloppy-getter-setter-global-object-expected.txt (205371 => 205372)


--- trunk/LayoutTests/js/sloppy-getter-setter-global-object-expected.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/LayoutTests/js/sloppy-getter-setter-global-object-expected.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -11,7 +11,7 @@
 PASS (0,Object.getOwnPropertyDescriptor(Object.prototype,'__proto__').get)() threw exception TypeError: Can't convert undefined or null to object.
 PASS (0,Object.getOwnPropertyDescriptor(Object.prototype,'__proto__').set)(['foo']) threw exception TypeError: Can't convert undefined or null to object.
 PASS top_level_sloppy_getter(); did not throw exception.
-PASS top_level_sloppy_setter(['foo']); threw exception TypeError: Cannot set prototype of this object.
+PASS top_level_sloppy_setter(['foo']); did not throw exception.
 PASS successfullyParsed is true
 
 TEST COMPLETE

Modified: trunk/Source/_javascript_Core/ChangeLog (205371 => 205372)


--- trunk/Source/_javascript_Core/ChangeLog	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,3 +1,40 @@
+2016-09-02  Chris Dumez  <[email protected]>
+
+        Unreviewed, roll out r205354 because it caused JSC test failures
+
+        * jsc.cpp:
+        * runtime/JSGlobalObject.cpp:
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::allowsAccessFrom):
+        (JSC::JSGlobalObject::setDebugger): Deleted.
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
+        (JSC::GlobalFuncProtoGetterFunctor::result):
+        (JSC::GlobalFuncProtoGetterFunctor::operator()):
+        (JSC::globalFuncProtoGetter):
+        (JSC::GlobalFuncProtoSetterFunctor::GlobalFuncProtoSetterFunctor):
+        (JSC::GlobalFuncProtoSetterFunctor::allowsAccess):
+        (JSC::GlobalFuncProtoSetterFunctor::operator()):
+        (JSC::checkProtoSetterAccessAllowed):
+        (JSC::globalFuncProtoSetter):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::setPrototypeWithCycleCheck):
+        (JSC::JSObject::allowsAccessFrom):
+        * runtime/JSObject.h:
+        * runtime/JSProxy.cpp:
+        * runtime/JSProxy.h:
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
+        (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
+        (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
+        (JSC::objectConstructorGetPrototypeOf):
+        (JSC::objectConstructorSetPrototypeOf):
+        * runtime/ObjectConstructor.h:
+        * runtime/ReflectObject.cpp:
+        (JSC::reflectObjectGetPrototypeOf):
+        (JSC::reflectObjectSetPrototypeOf):
+
 2016-09-02  Caio Lima  <[email protected]>
 
         Register usage optimization in mathIC when LHS and RHS are constants isn't configured correctly
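Review bot: the entry added at the top of this hunk says only "roll out r205354 because it caused JSC test failures", with no bug URL and no names of the failing tests. The files listed include the prototype access checks (`allowsAccessFrom`, `checkProtoSetterAccessAllowed`, `setPrototypeWithCycleCheck`), so link the tracking bug and name the failing tests, so that whoever relands r205354 knows what to verify.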

Modified: trunk/Source/_javascript_Core/jsc.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/jsc.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/jsc.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -903,7 +903,7 @@
 };
 
 const ClassInfo GlobalObject::s_info = { "global", &JSGlobalObject::s_info, nullptr, CREATE_METHOD_TABLE(GlobalObject) };
-const GlobalObjectMethodTable GlobalObject::s_globalObjectMethodTable = { &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, 0, &shouldInterruptScriptBeforeTimeout, &moduleLoaderResolve, &moduleLoaderFetch, nullptr, nullptr, nullptr, nullptr };
+const GlobalObjectMethodTable GlobalObject::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, 0, &shouldInterruptScriptBeforeTimeout, &moduleLoaderResolve, &moduleLoaderFetch, nullptr, nullptr, nullptr, nullptr };
 
 
 GlobalObject::GlobalObject(VM& vm, Structure* structure)

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -207,7 +207,7 @@
 
 const ClassInfo JSGlobalObject::s_info = { "GlobalObject", &Base::s_info, &globalObjectTable, CREATE_METHOD_TABLE(JSGlobalObject) };
 
-const GlobalObjectMethodTable JSGlobalObject::s_globalObjectMethodTable = { &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, nullptr, &shouldInterruptScriptBeforeTimeout, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr };
+const GlobalObjectMethodTable JSGlobalObject::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, nullptr, &shouldInterruptScriptBeforeTimeout, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr };
 
 /* Source for JSGlobalObject.lut.h
 @begin globalObjectTable

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -148,6 +148,9 @@
 typedef Vector<ExecState*, 16> ExecStateStack;
 
 struct GlobalObjectMethodTable {
+    typedef bool (*AllowsAccessFromFunctionPtr)(const JSGlobalObject*, ExecState*);
+    AllowsAccessFromFunctionPtr allowsAccessFrom;
+
     typedef bool (*SupportsRichSourceInfoFunctionPtr)(const JSGlobalObject*);
     SupportsRichSourceInfoFunctionPtr supportsRichSourceInfo;
 
@@ -709,6 +712,7 @@
 
     const GlobalObjectMethodTable* globalObjectMethodTable() const { return m_globalObjectMethodTable; }
 
+    static bool allowsAccessFrom(const JSGlobalObject*, ExecState*) { return true; }
     static bool supportsRichSourceInfo(const JSGlobalObject*) { return true; }
 
     JS_EXPORT_PRIVATE ExecState* globalExec();
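Review bot: the added default `static bool allowsAccessFrom(const JSGlobalObject*, ExecState*) { return true; }` is fail-open and carries no comment. Any global object whose method table points at this default allows every prototype read and write that goes through the hook. Add a comment stating that a global object which must restrict access from other globals has to supply its own callback, and say which frame the `ExecState*` is expected to be, since the functors in JSGlobalObjectFunctions.cpp pass the frame after the first one on the stack rather than the host call's own `exec`.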

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -866,6 +866,38 @@
     return throwVMTypeError(exec, scope, "'arguments', 'callee', and 'caller' cannot be accessed in strict mode.");
 }
 
+class GlobalFuncProtoGetterFunctor {
+public:
+    GlobalFuncProtoGetterFunctor(ExecState* exec, JSObject* thisObject)
+        : m_exec(exec)
+        , m_hasSkippedFirstFrame(false)
+        , m_thisObject(thisObject)
+        , m_result(JSValue::encode(jsUndefined()))
+    {
+    }
+
+    EncodedJSValue result() { return m_result; }
+
+    StackVisitor::Status operator()(StackVisitor& visitor) const
+    {
+        if (!m_hasSkippedFirstFrame) {
+            m_hasSkippedFirstFrame = true;
+            return StackVisitor::Continue;
+        }
+
+        if (m_thisObject->allowsAccessFrom(visitor->callFrame()))
+            m_result = JSValue::encode(m_thisObject->getPrototype(m_exec->vm(), m_exec));
+
+        return StackVisitor::Done;
+    }
+
+private:
+    ExecState* m_exec;
+    mutable bool m_hasSkippedFirstFrame;
+    JSObject* m_thisObject;
+    mutable EncodedJSValue m_result;
+};
+
 EncodedJSValue JSC_HOST_CALL globalFuncProtoGetter(ExecState* exec)
 {
     VM& vm = exec->vm();
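Review bot: in `GlobalFuncProtoGetterFunctor::operator()`, a denied access leaves `m_result` at its initial `jsUndefined()`, while `ObjectConstructorGetPrototypeOfFunctor` in ObjectConstructor.cpp sets `jsNull()` on denial. Script therefore sees two different values for the same refusal depending on whether it uses the `__proto__` getter or `Object.getPrototypeOf`. If the difference is intended, say so in a comment on the constructor; otherwise pick one value. The `mutable` members written from a `const` call operator also deserve a one-line explanation.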
@@ -883,9 +915,49 @@
         return JSValue::encode(prototype);
     }
 
-    return JSValue::encode(thisObject->getPrototype(vm, exec));
+    GlobalFuncProtoGetterFunctor functor(exec, thisObject);
+    // This can throw but it's just unneeded extra work to check for it. The return
+    // value from this function is only used as the return value from a host call.
+    // Therefore, the return value is only used if there wasn't an exception.
+    exec->iterate(functor);
+    return functor.result();
 }
 
+class GlobalFuncProtoSetterFunctor {
+public:
+    GlobalFuncProtoSetterFunctor(JSObject* thisObject)
+        : m_hasSkippedFirstFrame(false)
+        , m_allowsAccess(false)
+        , m_thisObject(thisObject)
+    {
+    }
+
+    bool allowsAccess() const { return m_allowsAccess; }
+
+    StackVisitor::Status operator()(StackVisitor& visitor) const
+    {
+        if (!m_hasSkippedFirstFrame) {
+            m_hasSkippedFirstFrame = true;
+            return StackVisitor::Continue;
+        }
+
+        m_allowsAccess = m_thisObject->allowsAccessFrom(visitor->callFrame());
+        return StackVisitor::Done;
+    }
+
+private:
+    mutable bool m_hasSkippedFirstFrame;
+    mutable bool m_allowsAccess;
+    JSObject* m_thisObject;
+};
+
+bool checkProtoSetterAccessAllowed(ExecState* exec, JSObject* object)
+{
+    GlobalFuncProtoSetterFunctor functor(object);
+    exec->iterate(functor);
+    return functor.allowsAccess();
+}
+
 EncodedJSValue JSC_HOST_CALL globalFuncProtoSetter(ExecState* exec)
 {
     VM& vm = exec->vm();
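Review bot: `GlobalFuncProtoSetterFunctor` repeats the skip-first-frame logic of `GlobalFuncProtoGetterFunctor`, and ObjectConstructor.cpp carries a third copy. All three decide which frame is asked for permission, so factor the frame selection into one helper; otherwise a later change to the checked frame can land in only some of them. Also note in a comment that `checkProtoSetterAccessAllowed` returns false when the stack walk ends before a second frame is visited, because `m_allowsAccess` starts as `false`.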
@@ -902,6 +974,9 @@
     if (!thisObject)
         return JSValue::encode(jsUndefined());
 
+    if (!checkProtoSetterAccessAllowed(exec, thisObject))
+        return JSValue::encode(jsUndefined());
+
     // Setting __proto__ to a non-object, non-null value is silently ignored to match Mozilla.
     if (!value.isObject() && !value.isNull())
         return JSValue::encode(jsUndefined());
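Review bot: the added `checkProtoSetterAccessAllowed` branch in `globalFuncProtoSetter` returns `jsUndefined()` on denial with no exception and no comment, so script cannot tell a refused `__proto__` assignment from a successful one. The non-object case just below it has a comment explaining why it is silent; add the equivalent here, and cover the denied path with a test that checks the prototype is unchanged afterwards.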

Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -52,6 +52,8 @@
 EncodedJSValue JSC_HOST_CALL globalFuncProtoSetter(ExecState*);
 EncodedJSValue JSC_HOST_CALL globalFuncBuiltinLog(ExecState*);
 
+bool checkProtoSetterAccessAllowed(ExecState*, JSObject*);
+
 static const double mantissaOverflowLowerBound = 9007199254740992.0;
 double parseIntOverflow(const LChar*, unsigned length, int radix);
 bool isStrWhiteSpace(UChar);

Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSObject.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1371,6 +1371,7 @@
     }
 
     JSValue nextPrototype = prototype;
+    MethodTable::GetPrototypeFunctionPtr defaultGetPrototype = JSObject::getPrototype;
     while (nextPrototype && nextPrototype.isObject()) {
         if (nextPrototype == this) {
             if (shouldThrowIfCantSet)
@@ -1377,11 +1378,8 @@
                 throwTypeError(exec, scope, ASCIILiteral("cyclic __proto__ value"));
             return false;
         }
-        // FIXME: The specification says we should do this but this allows for cycles and our
-        // code base currently does not deal properly with such cycles.
-        // https://bugs.webkit.org/show_bug.cgi?id=161534
-        // if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != JSObject::getPrototype))
-        //    break; // We're done. Set the prototype.
+        if (UNLIKELY(asObject(nextPrototype)->methodTable(vm)->getPrototype != defaultGetPrototype))
+            break; // We're done. Set the prototype.
         nextPrototype = asObject(nextPrototype)->getPrototypeDirect();
     }
     setPrototypeDirect(vm, prototype);
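Review bot: the `+` lines re-enable the early `break` on a non-default `getPrototype` and delete the FIXME that said this check "allows for cycles and our code base currently does not deal properly with such cycles", together with the link to bug 161534. If that concern still applies once the `break` is active, keep a comment with the bug link next to it instead of dropping it, so the known gap in the cycle check stays visible in the source.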
@@ -1403,6 +1401,12 @@
     return methodTable(vm)->setPrototype(this, exec, prototype, shouldThrowIfCantSet);
 }
 
+bool JSObject::allowsAccessFrom(ExecState* exec)
+{
+    JSGlobalObject* globalObject = this->globalObject();
+    return globalObject->globalObjectMethodTable()->allowsAccessFrom(globalObject, exec);
+}
+
 bool JSObject::putGetter(ExecState* exec, PropertyName propertyName, JSValue getter, unsigned attributes)
 {
     PropertyDescriptor descriptor;
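Review bot: `JSObject::allowsAccessFrom` calls `globalObject->globalObjectMethodTable()->allowsAccessFrom(globalObject, exec)` without checking the function pointer, while the method tables in this revision hold `nullptr` in several other slots. Either ASSERT that the slot is non-null here or document in `GlobalObjectMethodTable` that this entry is mandatory, so a table that leaves it empty fails loudly instead of crashing inside a security check.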

Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSObject.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -168,6 +168,8 @@
     // being returned. Once this is fixed we should migrate code & remove this method.
     JS_EXPORT_PRIVATE bool getOwnPropertyDescriptor(ExecState*, PropertyName, PropertyDescriptor&);
 
+    JS_EXPORT_PRIVATE bool allowsAccessFrom(ExecState*);
+
     unsigned getArrayLength() const
     {
         if (!hasIndexedProperties(indexingType()))

Modified: trunk/Source/_javascript_Core/runtime/JSProxy.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSProxy.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -145,16 +145,4 @@
     thisObject->target()->methodTable(exec->vm())->getOwnPropertyNames(thisObject->target(), exec, propertyNames, mode);
 }
 
-bool JSProxy::setPrototype(JSObject* object, ExecState* exec, JSValue value, bool shouldThrowIfCantSet)
-{
-    JSProxy* thisObject = jsCast<JSProxy*>(object);
-    return thisObject->target()->methodTable(exec->vm())->setPrototype(thisObject->target(), exec, value, shouldThrowIfCantSet);
-}
-
-JSValue JSProxy::getPrototype(JSObject* object, ExecState* exec)
-{
-    JSProxy* thisObject = jsCast<JSProxy*>(object);
-    return thisObject->target()->methodTable(exec->vm())->getPrototype(thisObject->target(), exec);
-}
-
 } // namespace JSC
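Review bot: deleting `JSProxy::setPrototype` and `JSProxy::getPrototype` removes the forwarding of prototype operations to `target()`'s method table, and nothing in this hunk shows what a `JSProxy` uses for those two entries instead. Confirm which implementation it now picks up, and add a test that reads and sets the prototype through a proxy so the behaviour is pinned down on both sides of the rollout.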

Modified: trunk/Source/_javascript_Core/runtime/JSProxy.h (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/JSProxy.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -94,8 +94,6 @@
     JS_EXPORT_PRIVATE static void getStructurePropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
     JS_EXPORT_PRIVATE static void getGenericPropertyNames(JSObject*, ExecState*, PropertyNameArray&, EnumerationMode);
     JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool shouldThrow);
-    JS_EXPORT_PRIVATE static bool setPrototype(JSObject*, ExecState*, JSValue, bool shouldThrowIfCantSet);
-    JS_EXPORT_PRIVATE static JSValue getPrototype(JSObject*, ExecState*);
     JS_EXPORT_PRIVATE static bool preventExtensions(JSObject*, ExecState*);
 
 private:

Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -166,12 +166,55 @@
     return CallType::Host;
 }
 
+class ObjectConstructorGetPrototypeOfFunctor {
+public:
+    ObjectConstructorGetPrototypeOfFunctor(ExecState* exec, JSObject* object)
+        : m_exec(exec)
+        , m_hasSkippedFirstFrame(false)
+        , m_object(object)
+        , m_result(jsUndefined())
+    {
+    }
+
+    JSValue result() const { return m_result; }
+
+    StackVisitor::Status operator()(StackVisitor& visitor) const
+    {
+        if (!m_hasSkippedFirstFrame) {
+            m_hasSkippedFirstFrame = true;
+            return StackVisitor::Continue;
+        }
+
+        if (m_object->allowsAccessFrom(visitor->callFrame()))
+            m_result = m_object->getPrototype(m_exec->vm(), m_exec);
+        else
+            m_result = jsNull();
+        return StackVisitor::Done;
+    }
+
+private:
+    ExecState* m_exec;
+    mutable bool m_hasSkippedFirstFrame;
+    JSObject* m_object;
+    mutable JSValue m_result;
+};
+
+JSValue objectConstructorGetPrototypeOf(ExecState* exec, JSObject* object)
+{
+    ObjectConstructorGetPrototypeOfFunctor functor(exec, object);
+    // This can throw but it's just unneeded extra work to check for it. The return
+    // value from this function is only used as the return value from a host call.
+    // Therefore, the return value is only used if there wasn't an exception.
+    exec->iterate(functor);
+    return functor.result();
+}
+
 EncodedJSValue JSC_HOST_CALL objectConstructorGetPrototypeOf(ExecState* exec)
 {
     JSObject* object = exec->argument(0).toObject(exec);
     if (exec->hadException())
         return JSValue::encode(jsUndefined());
-    return JSValue::encode(object->getPrototype(exec->vm(), exec));
+    return JSValue::encode(objectConstructorGetPrototypeOf(exec, object));
 }
 
 EncodedJSValue JSC_HOST_CALL objectConstructorSetPrototypeOf(ExecState* exec)
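Review bot: `ObjectConstructorGetPrototypeOfFunctor` initializes `m_result` to `jsUndefined()`, so if `exec->iterate` never reaches a second frame, `objectConstructorGetPrototypeOf` returns `undefined` rather than the `jsNull()` used for an explicit denial. Initialize to `jsNull()` so the no-caller case fails the same way as a refusal, or document why `undefined` is correct there. The same helper backs `Reflect.getPrototypeOf` in this revision, so the choice affects both entry points.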
@@ -191,6 +234,11 @@
     if (exec->hadException())
         return JSValue::encode(objectValue);
 
+    if (!checkProtoSetterAccessAllowed(exec, object)) {
+        throwTypeError(exec, scope, ASCIILiteral("Permission denied"));
+        return JSValue::encode(objectValue);
+    }
+
     bool shouldThrowIfCantSet = true;
     bool didSetPrototype = object->setPrototype(vm, exec, protoValue, shouldThrowIfCantSet);
     ASSERT_UNUSED(didSetPrototype, vm.exception() || didSetPrototype);
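Review bot: on denial this path throws a TypeError with the bare message "Permission denied", whereas the `__proto__` setter returns `undefined` and `Reflect.setPrototypeOf` returns `false` for the same `checkProtoSetterAccessAllowed` result. Three different outcomes for one check are easy to get wrong later; add a short comment here listing them, make the message name the operation, and add tests that exercise the denied path through each entry point.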

Modified: trunk/Source/_javascript_Core/runtime/ObjectConstructor.h (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/ObjectConstructor.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/ObjectConstructor.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -124,6 +124,7 @@
 
 
 JS_EXPORT_PRIVATE JSObject* objectConstructorFreeze(ExecState*, JSObject*);
+JSValue objectConstructorGetPrototypeOf(ExecState*, JSObject*);
 JSValue objectConstructorGetOwnPropertyDescriptor(ExecState*, JSObject*, const Identifier&);
 JSValue objectConstructorGetOwnPropertyDescriptors(ExecState*, JSObject*);
 JSArray* ownPropertyKeys(ExecState*, JSObject*, PropertyNameMode, DontEnumPropertiesMode);

Modified: trunk/Source/_javascript_Core/runtime/ReflectObject.cpp (205371 => 205372)


--- trunk/Source/_javascript_Core/runtime/ReflectObject.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/_javascript_Core/runtime/ReflectObject.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -215,7 +215,7 @@
     JSValue target = exec->argument(0);
     if (!target.isObject())
         return JSValue::encode(throwTypeError(exec, scope, ASCIILiteral("Reflect.getPrototypeOf requires the first argument be an object")));
-    return JSValue::encode(asObject(target)->getPrototype(exec->vm(), exec));
+    return JSValue::encode(objectConstructorGetPrototypeOf(exec, asObject(target)));
 }
 
 // https://tc39.github.io/ecma262/#sec-reflect.isextensible
@@ -302,6 +302,9 @@
 
     JSObject* object = asObject(target);
 
+    if (!checkProtoSetterAccessAllowed(exec, object))
+        return JSValue::encode(jsBoolean(false));
+
     bool shouldThrowIfCantSet = false;
     bool didSetPrototype = object->setPrototype(vm, exec, proto, shouldThrowIfCantSet);
     if (vm.exception())

Modified: trunk/Source/WebCore/ChangeLog (205371 => 205372)


--- trunk/Source/WebCore/ChangeLog	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/ChangeLog	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1,3 +1,25 @@
+2016-09-02  Chris Dumez  <[email protected]>
+
+        Unreviewed, roll out r205354 because it caused JSC test failures
+
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::shouldAllowAccessFrom):
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::JSDOMWindow::preventExtensions): Deleted.
+        (WebCore::JSDOMWindow::setLocation): Deleted.
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::JSLocation::preventExtensions): Deleted.
+        (WebCore::JSLocationPrototype::putDelegate): Deleted.
+        (WebCore::JSLocationPrototype::defineOwnProperty): Deleted.
+        * bindings/js/JSWorkerGlobalScopeBase.cpp:
+        (WebCore::JSWorkerGlobalScopeBase::allowsAccessFrom):
+        * bindings/js/JSWorkerGlobalScopeBase.h:
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        * bindings/scripts/IDLAttributes.txt:
+        * page/DOMWindow.idl:
+        * page/Location.idl:
+
 2016-09-02  Joseph Pecoraro  <[email protected]>
 
         Web Inspector: Provide a way to open an inspector frontend for a remote target

Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (205371 => 205372)


--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -57,9 +57,14 @@
 
 namespace WebCore {
 
+static bool shouldAllowAccessFrom(const JSGlobalObject* thisObject, ExecState* exec)
+{
+    return BindingSecurity::shouldAllowAccessToDOMWindow(exec, asJSDOMWindow(thisObject)->wrapped());
+}
+
 const ClassInfo JSDOMWindowBase::s_info = { "Window", &JSDOMGlobalObject::s_info, 0, CREATE_METHOD_TABLE(JSDOMWindowBase) };
 
-const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, &queueTaskToEventLoop, &shouldInterruptScriptBeforeTimeout, &moduleLoaderResolve, &moduleLoaderFetch, nullptr, nullptr, &moduleLoaderEvaluate, &defaultLanguage };
+const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = { &shouldAllowAccessFrom, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, &queueTaskToEventLoop, &shouldInterruptScriptBeforeTimeout, &moduleLoaderResolve, &moduleLoaderFetch, nullptr, nullptr, &moduleLoaderEvaluate, &defaultLanguage };
 
 JSDOMWindowBase::JSDOMWindowBase(VM& vm, Structure* structure, RefPtr<DOMWindow>&& window, JSDOMWindowShell* shell)
     : JSDOMGlobalObject(vm, structure, shell->world(), &s_globalObjectMethodTable)
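Review bot: `shouldAllowAccessFrom` calls `BindingSecurity::shouldAllowAccessToDOMWindow(exec, ...)` without the `DoNotReportSecurityError` argument that the removed `JSDOMWindow::getPrototype` in JSDOMWindowCustom.cpp passed. Whatever reporting mode that function uses by default now applies to every prototype access on a window that goes through this hook. State in a comment whether reporting is wanted here, or pass the argument explicitly.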

Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (205371 => 205372)


--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -342,25 +342,6 @@
     return Base::defineOwnProperty(thisObject, exec, propertyName, descriptor, shouldThrow);
 }
 
-bool JSDOMWindow::setPrototype(JSObject*, ExecState* exec, JSValue, bool shouldThrowIfCantSet)
-{
-    auto scope = DECLARE_THROW_SCOPE(exec->vm());
-
-    if (shouldThrowIfCantSet)
-        throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object"));
-
-    return false;
-}
-
-JSValue JSDOMWindow::getPrototype(JSObject* object, ExecState* exec)
-{
-    JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
-    if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError))
-        return jsNull();
-
-    return Base::getPrototype(object, exec);
-}
-
 bool JSDOMWindow::preventExtensions(JSObject* object, ExecState* exec)
 {
     JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
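Review bot: deleting `JSDOMWindow::setPrototype` removes the unconditional refusal ("Cannot set prototype of this object"), so whether a window's prototype can be replaced now rests only on the `allowsAccessFrom` checks at the JavaScriptCore call sites. The layout test in this revision changes from expecting a TypeError to expecting no throw for the same reason. Since the stated motive is test failures rather than a design decision, file or link a follow-up for relanding the refusal so the hardening is not lost.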

Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (205371 => 205372)


--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -128,25 +128,6 @@
     return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
 }
 
-bool JSLocation::setPrototype(JSObject*, ExecState* exec, JSValue, bool shouldThrowIfCantSet)
-{
-    auto scope = DECLARE_THROW_SCOPE(exec->vm());
-
-    if (shouldThrowIfCantSet)
-        throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object"));
-
-    return false;
-}
-
-JSValue JSLocation::getPrototype(JSObject* object, ExecState* exec)
-{
-    JSLocation* thisObject = jsCast<JSLocation*>(object);
-    if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), DoNotReportSecurityError))
-        return jsNull();
-
-    return Base::getPrototype(object, exec);
-}
-
 bool JSLocation::preventExtensions(JSObject* object, ExecState* exec)
 {
     JSLocation* thisObject = jsCast<JSLocation*>(object);
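Review bot: the removed `JSLocation::getPrototype` checked `BindingSecurity::shouldAllowAccessToFrame` against `thisObject->wrapped().frame()`, while the restored path in `JSObject::allowsAccessFrom` asks the object's `globalObject()` instead. Confirm that the two checks give the same answer for a Location object, and add a cross-origin test for reading and setting its prototype so the difference, if any, shows up in the test results.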

Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp (205371 => 205372)


--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp	2016-09-02 21:41:58 UTC (rev 205372)
@@ -45,7 +45,7 @@
 
 const ClassInfo JSWorkerGlobalScopeBase::s_info = { "WorkerGlobalScope", &JSDOMGlobalObject::s_info, 0, CREATE_METHOD_TABLE(JSWorkerGlobalScopeBase) };
 
-const GlobalObjectMethodTable JSWorkerGlobalScopeBase::s_globalObjectMethodTable = { &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, &queueTaskToEventLoop, &shouldInterruptScriptBeforeTimeout, nullptr, nullptr, nullptr, nullptr, nullptr, &defaultLanguage };
+const GlobalObjectMethodTable JSWorkerGlobalScopeBase::s_globalObjectMethodTable = { &allowsAccessFrom, &supportsRichSourceInfo, &shouldInterruptScript, &_javascript_RuntimeFlags, &queueTaskToEventLoop, &shouldInterruptScriptBeforeTimeout, nullptr, nullptr, nullptr, nullptr, nullptr, &defaultLanguage };
 
 JSWorkerGlobalScopeBase::JSWorkerGlobalScopeBase(JSC::VM& vm, JSC::Structure* structure, RefPtr<WorkerGlobalScope>&& impl)
     : JSDOMGlobalObject(vm, structure, normalWorld(vm), &s_globalObjectMethodTable)
@@ -79,6 +79,11 @@
     return m_wrapped.get();
 }
 
+bool JSWorkerGlobalScopeBase::allowsAccessFrom(const JSGlobalObject* object, ExecState* exec)
+{
+    return JSGlobalObject::allowsAccessFrom(object, exec);
+}
+
 bool JSWorkerGlobalScopeBase::supportsRichSourceInfo(const JSGlobalObject* object)
 {
     return JSGlobalObject::supportsRichSourceInfo(object);

Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h (205371 => 205372)


--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h	2016-09-02 21:41:58 UTC (rev 205372)
@@ -53,6 +53,7 @@
 
         static const JSC::GlobalObjectMethodTable s_globalObjectMethodTable;
 
+        static bool allowsAccessFrom(const JSC::JSGlobalObject*, JSC::ExecState*);
         static bool supportsRichSourceInfo(const JSC::JSGlobalObject*);
         static bool shouldInterruptScript(const JSC::JSGlobalObject*);
         static bool shouldInterruptScriptBeforeTimeout(const JSC::JSGlobalObject*);

Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (205371 => 205372)


--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-09-02 21:41:58 UTC (rev 205372)
@@ -1322,10 +1322,6 @@
     # Custom defineOwnProperty function
     push(@headerContent, "    static bool defineOwnProperty(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, const JSC::PropertyDescriptor&, bool shouldThrow);\n") if $interface->extendedAttributes->{"JSCustomDefineOwnProperty"};
 
-    # Custom getPrototype / setPrototype functions.
-    push (@headerContent, "    static JSC::JSValue getPrototype(JSC::JSObject*, JSC::ExecState*);\n") if $interface->extendedAttributes->{"CustomGetPrototype"};
-    push (@headerContent, "    static bool setPrototype(JSC::JSObject*, JSC::ExecState*, JSC::JSValue, bool shouldThrowIfCantSet);\n") if $interface->extendedAttributes->{"CustomSetPrototype"};
-
     # Custom preventExtensions function.
     push(@headerContent, "    static bool preventExtensions(JSC::JSObject*, JSC::ExecState*);\n") if $interface->extendedAttributes->{"CustomPreventExtensions"};
     

Modified: trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt (205371 => 205372)


--- trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt	2016-09-02 21:41:58 UTC (rev 205372)
@@ -41,7 +41,6 @@
 CustomDeleteProperty
 CustomEnumerateProperty
 CustomGetOwnPropertySlot
-CustomGetPrototype
 CustomGetter
 CustomIndexedSetter
 CustomIsReachable
@@ -51,7 +50,6 @@
 CustomProxyToJSObject
 CustomPutFunction
 CustomReturn
-CustomSetPrototype
 CustomSetter
 CustomToJSObject
 Deletable

Modified: trunk/Source/WebCore/page/DOMWindow.idl (205371 => 205372)


--- trunk/Source/WebCore/page/DOMWindow.idl	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/page/DOMWindow.idl	2016-09-02 21:41:58 UTC (rev 205372)
@@ -29,11 +29,9 @@
     CustomDeleteProperty,
     CustomEnumerateProperty,
     CustomGetOwnPropertySlot,
-    CustomGetPrototype,
     CustomPreventExtensions,
     CustomProxyToJSObject,
     CustomPutFunction,
-    CustomSetPrototype,
     ExportMacro=WEBCORE_EXPORT,
     ImplicitThis,
     InterfaceName=Window,

Modified: trunk/Source/WebCore/page/Location.idl (205371 => 205372)


--- trunk/Source/WebCore/page/Location.idl	2016-09-02 21:23:43 UTC (rev 205371)
+++ trunk/Source/WebCore/page/Location.idl	2016-09-02 21:41:58 UTC (rev 205372)
@@ -30,10 +30,8 @@
     CheckSecurity,
     CustomDeleteProperty,
     CustomEnumerateProperty,
-    CustomGetPrototype,
     CustomNamedSetter,
     CustomPreventExtensions,
-    CustomSetPrototype,
     GenerateIsReachable=ImplFrame,
     JSCustomDefineOwnProperty,
     JSCustomDefineOwnPropertyOnPrototype,
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
