kIsConstructor = 1 << 5,
kScriptNameOrSourceURL = 1 << 6,
kScriptId = 1 << 7,
+ kExposeFramesAcrossSecurityOrigins = 1 << 8,
kOverview = kLineNumber | kColumnOffset | kScriptName | kFunctionName,
kDetailed = kOverview | kIsEval | kIsConstructor | kScriptNameOrSourceURL
};
//
+static inline bool AllowAccessToFunction(Context* current_context,
+ JSFunction* function) {
+ return current_context->HasSameSecurityTokenAs(function->context());
+}
+
+
class FrameFunctionIterator {
public:
FrameFunctionIterator(Isolate* isolate, const DisallowHeapAllocation& promise)
- : frame_iterator_(isolate),
+ : isolate_(isolate),
+ frame_iterator_(isolate),
functions_(2),
index_(0) {
GetFunctions();
}
JSFunction* next() {
- if (functions_.length() == 0) return NULL;
- JSFunction* next_function = functions_[index_];
- index_--;
- if (index_ < 0) {
- GetFunctions();
+ while (true) {
+ if (functions_.length() == 0) return NULL;
+ JSFunction* next_function = functions_[index_];
+ index_--;
+ if (index_ < 0) {
+ GetFunctions();
+ }
+ // Skip functions from other origins.
+ if (!AllowAccessToFunction(isolate_->context(), next_function)) continue;
+ return next_function;
}
- return next_function;
}
// Iterate through functions until the first occurence of 'function'.
frame_iterator_.Advance();
index_ = functions_.length() - 1;
}
+ Isolate* isolate_;
JavaScriptFrameIterator frame_iterator_;
List<JSFunction*> functions_;
int index_;
if (caller->shared()->strict_mode() == STRICT) {
return MaybeHandle<JSFunction>();
}
+ // Don't return caller from another security context.
+ if (!AllowAccessToFunction(isolate->context(), caller)) {
+ return MaybeHandle<JSFunction>();
+ }
return Handle<JSFunction>(caller);
}
StackTraceOptions options) {
i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
ENTER_V8(i_isolate);
+ // TODO(dcarney): remove when ScriptDebugServer is fixed.
+ options = static_cast<StackTraceOptions>(
+ static_cast<int>(options) | kExposeFramesAcrossSecurityOrigins);
i::Handle<i::JSArray> stackTrace =
i_isolate->CaptureCurrentStackTrace(frame_limit, options);
return Utils::StackTraceToLocal(stackTrace);
return map == map->GetHeap()->global_context_map();
}
+ bool HasSameSecurityTokenAs(Context* that) {
+ return this->global_object()->native_context()->security_token() ==
+ that->global_object()->native_context()->security_token();
+ }
+
// A native context holds a list of all functions with optimized code.
void AddOptimizedFunction(JSFunction* function);
void RemoveOptimizedFunction(JSFunction* function);
iter.Advance()) {
StackFrame* raw_frame = iter.frame();
if (IsVisibleInStackTrace(raw_frame, *caller, &seen_caller)) {
- frames_seen++;
JavaScriptFrame* frame = JavaScriptFrame::cast(raw_frame);
// Set initial size to the maximum inlining level + 1 for the outermost
// function.
List<FrameSummary> frames(FLAG_max_inlining_levels + 1);
frame->Summarize(&frames);
for (int i = frames.length() - 1; i >= 0; i--) {
+ Handle<JSFunction> fun = frames[i].function();
+ // Filter out frames from other security contexts.
+ if (!this->context()->HasSameSecurityTokenAs(fun->context())) continue;
if (cursor + 4 > elements->length()) {
int new_capacity = JSObject::NewElementsCapacity(elements->length());
Handle<FixedArray> new_elements =
ASSERT(cursor + 4 <= elements->length());
Handle<Object> recv = frames[i].receiver();
- Handle<JSFunction> fun = frames[i].function();
Handle<Code> code = frames[i].code();
Handle<Smi> offset(Smi::FromInt(frames[i].offset()), this);
// The stack trace API should not expose receivers and function
elements->set(cursor++, *code);
elements->set(cursor++, *offset);
}
+ frames_seen++;
}
}
elements->set(0, Smi::FromInt(sloppy_frames));
List<FrameSummary> frames(FLAG_max_inlining_levels + 1);
frame->Summarize(&frames);
for (int i = frames.length() - 1; i >= 0 && frames_seen < limit; i--) {
+ Handle<JSFunction> fun = frames[i].function();
+ // Filter frames from other security contexts.
+ if (!(options & StackTrace::kExposeFramesAcrossSecurityOrigins) &&
+ !this->context()->HasSameSecurityTokenAs(fun->context())) continue;
+
// Create a JSObject to hold the information for the StackFrame.
Handle<JSObject> stack_frame = factory()->NewJSObject(object_function());
- Handle<JSFunction> fun = frames[i].function();
Handle<Script> script(Script::cast(fun->shared()->script()));
if (options & StackTrace::kLineNumber) {
--- /dev/null
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var realms = [Realm.current(), Realm.create()];
+
+// Check stack trace filtering across security contexts.
+var thrower_script =
+ "(function () { Realm.eval(Realm.current(), 'throw Error()') })";
+Realm.shared = {
+ thrower_0: Realm.eval(realms[0], thrower_script),
+ thrower_1: Realm.eval(realms[1], thrower_script),
+};
+
+var script = " \
+ Error.prepareStackTrace = function(a, b) { return b; }; \
+ try { \
+ Realm.shared.thrower_0(); \
+ } catch (e) { \
+ Realm.shared.error_0 = e.stack; \
+ } \
+ try { \
+ Realm.shared.thrower_1(); \
+ } catch (e) { \
+ Realm.shared.error_1 = e.stack; \
+ } \
+";
+
+function assertNotIn(thrower, error) {
+ for (var i = 0; i < error.length; i++) {
+ assertFalse(false === error[i].getFunction());
+ }
+}
+
+Realm.eval(realms[1], script);
+assertSame(3, Realm.shared.error_0.length);
+assertSame(4, Realm.shared.error_1.length);
+
+assertTrue(Realm.shared.thrower_1 === Realm.shared.error_1[2].getFunction());
+assertNotIn(Realm.shared.thrower_0, Realm.shared.error_0);
+assertNotIn(Realm.shared.thrower_0, Realm.shared.error_1);
+
+Realm.eval(realms[0], script);
+assertSame(5, Realm.shared.error_0.length);
+assertSame(4, Realm.shared.error_1.length);
+
+assertTrue(Realm.shared.thrower_0 === Realm.shared.error_0[2].getFunction());
+assertNotIn(Realm.shared.thrower_1, Realm.shared.error_0);
+assertNotIn(Realm.shared.thrower_1, Realm.shared.error_1);
+
+
+// Check .caller filtering across security contexts.
+var caller_script = "(function (f) { f(); })";
+Realm.shared = {
+ caller_0 : Realm.eval(realms[0], caller_script),
+ caller_1 : Realm.eval(realms[1], caller_script),
+}
+
+script = " \
+ function f_0() { Realm.shared.result_0 = arguments.callee.caller; }; \
+ function f_1() { Realm.shared.result_1 = arguments.callee.caller; }; \
+ Realm.shared.caller_0(f_0); \
+ Realm.shared.caller_1(f_1); \
+";
+
+Realm.eval(realms[1], script);
+assertSame(null, Realm.shared.result_0);
+assertSame(Realm.shared.caller_1, Realm.shared.result_1);
+
+Realm.eval(realms[0], script);
+assertSame(Realm.shared.caller_0, Realm.shared.result_0);
+assertSame(null, Realm.shared.result_1);