From 95892799e14544062ff075be51320c7bd4a41c23 Mon Sep 17 00:00:00 2001 From: "ricow@chromium.org" Date: Fri, 18 Feb 2011 10:39:02 +0000 Subject: [PATCH] Add access checks to Object.preventExtensions + add regression test for 1027. Object.preventExtensions can currently be used cross-domain. With this change we follow firefox (IE9 has our current behaviour). In addition this includes a regression test for 1027 and access tests for Object.seal and Object.freeze. Review URL: http://codereview.chromium.org/6534019 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6848 ce2b1a6d-e550-0410-aec6-3dcde31c8c00 --- src/objects.cc | 6 ++++++ src/runtime.cc | 2 ++ test/cctest/test-api.cc | 25 +++++++++++++++++++++++-- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/objects.cc b/src/objects.cc index e0232d5..e56c917 100644 --- a/src/objects.cc +++ b/src/objects.cc @@ -2813,6 +2813,12 @@ bool JSObject::ReferencesObject(Object* obj) { MaybeObject* JSObject::PreventExtensions() { + if (IsAccessCheckNeeded() && + !Top::MayNamedAccess(this, Heap::undefined_value(), v8::ACCESS_KEYS)) { + Top::ReportFailedAccessCheck(this, v8::ACCESS_KEYS); + return Heap::false_value(); + } + if (IsJSGlobalProxy()) { Object* proto = GetPrototype(); if (proto->IsNull()) return this; diff --git a/src/runtime.cc b/src/runtime.cc index 2a503e3..df403bc 100644 --- a/src/runtime.cc +++ b/src/runtime.cc @@ -3690,6 +3690,8 @@ static MaybeObject* Runtime_DefineOrRedefineDataProperty(Arguments args) { is_element) { // Normalize the elements to enable attributes on the property. if (js_object->IsJSGlobalProxy()) { + // We do not need to do access checks here since these has already + // been performed by the call to GetOwnProperty. Handle proto(js_object->GetPrototype()); // If proxy is detached, ignore the assignment. Alternatively, // we could throw an exception. diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc index c43078d..0b6a2b7 100644 --- a/test/cctest/test-api.cc +++ b/test/cctest/test-api.cc @@ -5652,8 +5652,7 @@ TEST(AccessControl) { } -// This is a regression test for issue 1154. -TEST(AccessControlObjectKeys) { +TEST(AccessControlES5) { v8::HandleScope handle_scope; v8::Handle global_template = v8::ObjectTemplate::New(); @@ -5677,7 +5676,29 @@ TEST(AccessControlObjectKeys) { v8::Handle global1 = context1->Global(); global1->Set(v8_str("other"), global0); + // Regression test for issue 1154. ExpectTrue("Object.keys(other).indexOf('blocked_prop') == -1"); + + ExpectUndefined("other.blocked_prop"); + + // Regression test for issue 1027. + CompileRun("Object.defineProperty(\n" + " other, 'blocked_prop', {configurable: false})"); + ExpectUndefined("other.blocked_prop"); + ExpectUndefined( + "Object.getOwnPropertyDescriptor(other, 'blocked_prop')"); + + // Regression test for issue 1171. + ExpectTrue("Object.isExtensible(other)"); + CompileRun("Object.preventExtensions(other)"); + ExpectTrue("Object.isExtensible(other)"); + + // Object.seal and Object.freeze. + CompileRun("Object.freeze(other)"); + ExpectTrue("Object.isExtensible(other)"); + + CompileRun("Object.seal(other)"); + ExpectTrue("Object.isExtensible(other)"); } -- 2.7.4