Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4ad3bb8b572370d20751a00b43c4922ee8071123
https://github.com/WebKit/WebKit/commit/4ad3bb8b572370d20751a00b43c4922ee8071123
Author: Ruthvik Konda <[email protected]>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt
M LayoutTests/http/tests/security/cross-origin-window-property-access.html
A LayoutTests/http/tests/site-isolation/remotedomwindow-property-access-security-checks-expected.txt
A LayoutTests/http/tests/site-isolation/remotedomwindow-property-access-security-checks.html
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
Log Message:
-----------
Remove bypass for RemoteDOMWindow $vm property access
https://bugs.webkit.org/show_bug.cgi?id=300773
rdar://115751655
Reviewed by Yusuke Suzuki and Keith Miller.
While https://commits.webkit.org/277560@main fixed the majority of RemoteDOMWindow property access security checks, $vm still has a hack/bypass. This PR removes that bypass and allows $vm to go thru the same correct security checks that other properties do.
exposeDollarVM() currently uses hasOwnProperty() to check if $vm has already been exposed. With the changes in this PR, this causes a SecurityError and a resulting assert because RemoteDOMWindow is not allowed to access $vm. To solve this, we replace this check with getOwnPropertySlot().
We adjust the existing cross origin property access test to include $vm to ensure we don't regress any existing behavior. Lastly, we add a new SI test to ensure that with SI on, all RemoteDOMWindow property access security checks go thru correctly (including $vm).
Test: http/tests/site-isolation/remotedomwindow-property-access-security-checks.html
* LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt:
* LayoutTests/http/tests/security/cross-origin-window-property-access.html:
* LayoutTests/http/tests/site-isolation/remotedomwindow-property-access-security-checks-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/remotedomwindow-property-access-security-checks.html: Added.
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::exposeDollarVM):
* Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
Canonical link: https://commits.webkit.org/301696@main
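
An illustration of the check the log message describes, added here and not taken from the WebKit source or its layout tests: a simplified Node.js model of a cross-origin window wrapper that rejects every property outside the HTML specification's cross-origin allowlist, with and without a per-name exemption for $vm. `makeRemoteWindow`, `legacyBypass`, `probe` and the sample object are hypothetical names, and modelling the bypass as a per-name exemption is an assumption.

```javascript
// Simplified model (assumption, not WebKit code): a cross-origin window wrapper
// exposing only the HTML spec's cross-origin-accessible Window properties.
const CROSS_ORIGIN_WINDOW_PROPS = new Set([
  'window', 'self', 'location', 'close', 'closed', 'focus', 'blur',
  'frames', 'length', 'top', 'opener', 'parent', 'postMessage',
]);

class SecurityError extends Error {
  constructor(prop) {
    super(`Blocked cross-origin access to property "${String(prop)}"`);
    this.name = 'SecurityError';
  }
}

// legacyBypass lists names that skip the check (models the "before" state).
function makeRemoteWindow(backing, legacyBypass = []) {
  const bypass = new Set(legacyBypass);
  const check = (prop) => {
    if (CROSS_ORIGIN_WINDOW_PROPS.has(prop) || bypass.has(prop)) return;
    throw new SecurityError(prop);
  };
  return new Proxy(backing, {
    get(target, prop) { check(prop); return target[prop]; },
    // hasOwnProperty() and Object.getOwnPropertyDescriptor() land here, so an
    // existence test on a blocked name throws instead of returning false.
    getOwnPropertyDescriptor(target, prop) {
      check(prop);
      return Reflect.getOwnPropertyDescriptor(target, prop);
    },
  });
}

// Read each name and record whether it was readable or which error it raised.
function probe(win, names) {
  const result = {};
  for (const name of names) {
    try { void win[name]; result[name] = 'allowed'; }
    catch (e) { result[name] = e.name; }
  }
  return result;
}

// Constructed sample state standing in for another origin's window.
const backing = { closed: false, length: 0, secret: 'token', $vm: { debug: true } };
const names = ['closed', 'length', 'secret', '$vm'];
console.log('with bypass   ', probe(makeRemoteWindow(backing, ['$vm']), names));
console.log('without bypass', probe(makeRemoteWindow(backing), names));
```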