Title: [205607] releases/WebKitGTK/webkit-2.14
Revision: 205607
Author: [email protected]
Date: 2016-09-08 01:46:47 -0700 (Thu, 08 Sep 2016)

Log Message

Merge r205258 - Object.getPrototypeOf() should return null cross-origin
https://bugs.webkit.org/show_bug.cgi?id=161393

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Object.getPrototypeOf() should return null cross-origin:
- https://html.spec.whatwg.org/#windowproxy-getprototypeof
- https://html.spec.whatwg.org/#location-getprototypeof

Firefox and Chrome return null. However, WebKit was returning undefined.

* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):

LayoutTests:

Add layout test coverage.

* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:

Diff

Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog (205606 => 205607)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog	2016-09-08 08:23:42 UTC (rev 205606)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog	2016-09-08 08:46:47 UTC (rev 205607)
@@ -1,3 +1,15 @@
+2016-08-31  Chris Dumez  <[email protected]>
+
+        Object.getPrototypeOf() should return null cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=161393
+
+        Reviewed by Geoffrey Garen.
+
+        Add layout test coverage.
+
+        * http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
+        * http/tests/security/cross-frame-access-object-getPrototypeOf.html:
+
 2016-08-31  Antti Koivisto  <[email protected]>
 
         REGRESSION (r201701): Unable to copy from CodeMirror editor version used in Jenkins install website

Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt (205606 => 205607)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-09-08 08:23:42 UTC (rev 205606)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt	2016-09-08 08:46:47 UTC (rev 205607)
@@ -1,7 +1,9 @@
 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().
 
-PASS: Object.getPrototypeOf(targetWindow) should be 'undefined' and is.
+PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is.
+PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is.
 PASS targetWindow.history threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
 PASS: successfullyParsed should be 'true' and is.
 
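Review bot: the description line kept as context ("This tests that you can't get the prototype of the window or history objects cross-origin using Object.getPrototypeOf().") no longer matches what is asserted, because the new PASS line also covers targetWindow.location. Update the description string in the test source to mention the location object so the expected output documents every case it checks. The two "Blocked a frame" CONSOLE MESSAGE lines are identical and do not say which assertion produced them; a short comment in the test noting that the window and location checks each log one would make later expectation diffs easier to read.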

Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html (205606 => 205607)


--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-09-08 08:23:42 UTC (rev 205606)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html	2016-09-08 08:46:47 UTC (rev 205607)
@@ -16,7 +16,8 @@
         {
             targetWindow = document.getElementById("target").contentWindow;
 
-            shouldBeUndefined("Object.getPrototypeOf(targetWindow)");
+            shouldBeNull("Object.getPrototypeOf(targetWindow)");
+            shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
             shouldThrowErrorName("targetWindow.history", "SecurityError");
 
             finishJSTest();
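Review bot: both shouldBeNull assertions exercise only the denied path, so in the lines shown nothing distinguishes the new behaviour from a getter that returns null unconditionally. Consider adding a same-origin control frame and asserting that `Object.getPrototypeOf()` returns a non-null prototype there. It would also help to pin down the intended cross-origin result for the other script-visible routes to a prototype, such as `Reflect.getPrototypeOf(targetWindow)` and `targetWindow.__proto__`, so all of them stay consistent with the spec sections cited in the ChangeLog.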

Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ChangeLog (205606 => 205607)


--- releases/WebKitGTK/webkit-2.14/Source/_javascript_Core/ChangeLog	2016-09-08 08:23:42 UTC (rev 205606)
+++ releases/WebKitGTK/webkit-2.14/Source/_javascript_Core/ChangeLog	2016-09-08 08:46:47 UTC (rev 205607)
@@ -1,3 +1,19 @@
+2016-08-31  Chris Dumez  <[email protected]>
+
+        Object.getPrototypeOf() should return null cross-origin
+        https://bugs.webkit.org/show_bug.cgi?id=161393
+
+        Reviewed by Geoffrey Garen.
+
+        Object.getPrototypeOf() should return null cross-origin:
+        - https://html.spec.whatwg.org/#windowproxy-getprototypeof
+        - https://html.spec.whatwg.org/#location-getprototypeof
+
+        Firefox and Chrome return null. However, WebKit was returning undefined.
+
+        * runtime/ObjectConstructor.cpp:
+        (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
+
 2016-08-31  Yusuke Suzuki  <[email protected]>
 
         [JSC] AbstractValue can contain padding which is not zero-filled

Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ObjectConstructor.cpp (205606 => 205607)


--- releases/WebKitGTK/webkit-2.14/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-09-08 08:23:42 UTC (rev 205606)
+++ releases/WebKitGTK/webkit-2.14/Source/_javascript_Core/runtime/ObjectConstructor.cpp	2016-09-08 08:46:47 UTC (rev 205607)
@@ -187,6 +187,8 @@
 
         if (m_object->allowsAccessFrom(visitor->callFrame()))
             m_result = m_object->getPrototype(m_exec->vm(), m_exec);
+        else
+            m_result = jsNull();
         return StackVisitor::Done;
     }
 
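Review bot: the new `else` branch has no comment explaining why a denied access yields null rather than undefined or an exception. The ChangeLog cites the HTML spec sections windowproxy-getprototypeof and location-getprototypeof; a one-line comment with those references next to `m_result = jsNull();` would keep a later cleanup from reverting it. Since both branches of the allowsAccessFrom() check now assign m_result, it may also be simpler to make null the value m_result starts with (its initialisation is outside the lines shown) and drop the `else`, provided no other path relies on the current initial value.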