Summary: | Object.getOwnPropertyDescriptor() does not work on sub-frame's window | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Chris Dumez <cdumez> | ||||||||||
Component: | Bindings | Assignee: | Chris Dumez <cdumez> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | barraclough, buildbot, commit-queue, ggaren, keith_miller, mark.lam, msaboff, oliver, rniwa, saam, sam | ||||||||||
Priority: | P2 | Keywords: | WebExposed | ||||||||||
Version: | WebKit Nightly Build | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=153931 | ||||||||||||
Attachments: |
|
Description
Chris Dumez
2016-02-05 12:37:35 PST
Created attachment 270776 [details]
Patch
Comment on attachment 270776 [details] Patch Attachment 270776 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/788171 New failing tests: http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html Created attachment 270779 [details]
Archive of layout-test-results from ews102 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 270780 [details]
Patch
Created attachment 270787 [details]
Patch
Comment on attachment 270787 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review > LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt:11 > PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "document").get.call'). This one throws instead of returning undefined and logging a console message. This is because Object.getOwnPropertyDescriptor(window, "document") currently returns a 'value' descriptor instead of a getter/setter one (which does not match the spec or Firefox). > LayoutTests/http/tests/security/cross-origin-window-property-access.html:30 > + shouldThrowOrReturnUndefined('Object.getOwnPropertyDescriptor(window, "name").get.call(crossOriginWindow)'); Following Gavin's suggestion, I added more cross-origin getter tests to make sure we don't bypass origin checks. Comment on attachment 270787 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:2586 > /* Workaround, JSDOMWindow::getOwnPropertySlot searches the prototype chain. :-( */ Since you are touching this, I suggest modernizing this comment too. I don’t think it’s clear at all. And it’s a /* */ comment too! Committed r196220: <http://trac.webkit.org/changeset/196220> |