Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 86513355ed9fd7714834054a3112b92206344cac
https://github.com/WebKit/WebKit/commit/86513355ed9fd7714834054a3112b92206344cac
Author: Mark Lam <[email protected]>
Date: 2023-10-16 (Mon, 16 Oct 2023)
Changed paths:
M Source/JavaScriptCore/tools/JSDollarVM.cpp
M Source/JavaScriptCore/tools/JSDollarVM.h
Log Message:
-----------
Make all sensitive $vm properties not enumerable by Object.getOwnPropertyNames.
https://bugs.webkit.org/show_bug.cgi?id=263187
rdar://112814894
Reviewed by Keith Miller and Justin Michaud.
$vm functions are not meant to be enumerable. That's why all of them have the
DontEnum attribute.
However, Object.getOwnPropertyNames does not honor this by default. As a
result, this can trip up fuzzers that happen to enumerate it with
Object.getOwnPropertyNames.
The fix is to make JSDollarVM OverridesGetOwnPropertyNames, and have its
getOwnPropertyNames method always exclude DontEnum properties as expected.
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSDollarVM::getOwnPropertyNames):
* Source/JavaScriptCore/tools/JSDollarVM.h:
Canonical link: https://commits.webkit.org/269361@main
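The behaviour the log message describes, modelled in plain JavaScript as an added example (not code from the WebKit commit): a non-enumerable property is skipped by `for...in` and `Object.keys` but still listed by `Object.getOwnPropertyNames`, unless the object filters its own key listing. The names `makeToolObject`, `hideDontEnum`, `surface`, `helperA`, `helperB` and `visible` are hypothetical, and the Proxy `ownKeys` trap is an assumption standing in for the C++ `getOwnPropertyNames` override.

```javascript
// Added illustration: a JavaScript model, not WebKit's C++ implementation.
// All function and property names here are hypothetical.

// Build an object whose helper functions are non-enumerable, the JS-level
// equivalent of JSC's DontEnum attribute.
function makeToolObject() {
  const obj = {};
  for (const name of ["helperA", "helperB"]) {
    Object.defineProperty(obj, name, {
      value: () => name,
      enumerable: false,  // DontEnum
      configurable: true, // a Proxy may only omit configurable keys from ownKeys
      writable: true,
    });
  }
  obj.visible = 1; // ordinary enumerable property
  return obj;
}

// Model of the fix: the own-key listing always excludes non-enumerable
// properties. Lookup by name is untouched in this model.
function hideDontEnum(target) {
  return new Proxy(target, {
    ownKeys(t) {
      return Reflect.ownKeys(t).filter(
        (k) => Object.getOwnPropertyDescriptor(t, k).enumerable
      );
    },
  });
}

// What a property-walking fuzzer sees through each reflection API.
function surface(obj) {
  const forIn = [];
  for (const k in obj) forIn.push(k);
  return {
    forIn,
    keys: Object.keys(obj),
    ownNames: Object.getOwnPropertyNames(obj),
  };
}

const before = surface(makeToolObject());
const after = surface(hideDontEnum(makeToolObject()));
console.log("unfiltered ownNames:", before.ownNames);
console.log("filtered ownNames:  ", after.ownNames);
```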