Bug 153925

Summary: Object.getOwnPropertyDescriptor() does not work on sub-frame's window
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Bindings
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, buildbot, commit-queue, ggaren, keith_miller, mark.lam, msaboff, oliver, rniwa, saam, sam
Priority: P2
Keywords: WebExposed
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=153931
Attachments (description, flags):
Patch (flags: none)
Archive of layout-test-results from ews102 for mac-yosemite (flags: none)
Patch (flags: none)
Patch (flags: darin: review+)

Description Chris Dumez 2016-02-05 12:37:35 PST
Object.getOwnPropertyDescriptor() does not work on sub-frame's windows; it returns undefined in WebKit but works as expected in Firefox and Chrome.
Comment 1 Chris Dumez 2016-02-05 15:29:19 PST
Created attachment 270776
Patch
Comment 2 Build Bot 2016-02-05 16:15:08 PST
Comment on attachment 270776
Patch

Attachment 270776 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/788171

New failing tests:
http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html
Comment 3 Build Bot 2016-02-05 16:15:13 PST
Created attachment 270779
Archive of layout-test-results from ews102 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 4 Chris Dumez 2016-02-05 16:16:57 PST
Created attachment 270780
Patch
Comment 5 Chris Dumez 2016-02-05 19:25:41 PST
Created attachment 270787
Patch
Comment 6 Chris Dumez 2016-02-05 19:30:05 PST
Comment on attachment 270787
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review

> LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt:11
>  PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "document").get.call').

This one throws instead of returning undefined and logging a console message. This is because Object.getOwnPropertyDescriptor(window, "document") currently returns a 'value' descriptor instead of a getter/setter one (which does not match the spec or Firefox).

> LayoutTests/http/tests/security/cross-origin-window-property-access.html:30
> +    shouldThrowOrReturnUndefined('Object.getOwnPropertyDescriptor(window, "name").get.call(crossOriginWindow)');
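
Review bot: shouldThrowOrReturnUndefined on this added line counts a thrown exception as a pass, so the check also passes when the descriptor has no `get` at all, which is how the "document" case in the expected output passes (TypeError: undefined is not an object). Consider first asserting that Object.getOwnPropertyDescriptor(window, "name").get is a function, so that a pass means the getter actually ran and refused the cross-origin receiver.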

Following Gavin's suggestion, I added more cross-origin getter tests to make sure we don't bypass origin checks.
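
A minimal model of the two probes discussed in comment 6, as an added example that runs in Node (not WebKit code and not part of the patch). `slots`, `currentOrigin`, `makeWindow`, `descriptor` and `outcome` are hypothetical names, and the origins are constructed sample values.

```javascript
// Constructed model, not WebKit code. `slots` stands in for a window's
// internal state; `currentOrigin` stands in for the origin of the running script.
const slots = new WeakMap();
const currentOrigin = "https://a.example";

// Accessor getter: the origin check is made against the receiver (`this`), so it
// still applies when the getter is taken from one window and called on another.
function nameGetter() {
  const slot = slots.get(this);
  if (!slot) throw new TypeError("receiver is not a window");
  return slot.origin === currentOrigin ? slot.name : undefined;
}

function makeWindow(origin, name) {
  const win = {};
  slots.set(win, { origin, name });
  Object.defineProperty(win, "name", { get: nameGetter, enumerable: true, configurable: true });
  // Data property, like the 'value' descriptor comment 6 reports for "document".
  Object.defineProperty(win, "document", { value: { owner: name }, enumerable: true, configurable: true });
  return win;
}

// Classify a probe as "undefined", "threw <ErrorName>" or "leaked".
function outcome(probe) {
  try {
    return probe() === undefined ? "undefined" : "leaked";
  } catch (e) {
    return "threw " + e.constructor.name;
  }
}

const sameOriginWindow = makeWindow("https://a.example", "top");
const crossOriginWindow = makeWindow("https://b.example", "secret-frame");
const descriptor = (prop) => Object.getOwnPropertyDescriptor(sameOriginWindow, prop);

const results = {
  sameOrigin: descriptor("name").get.call(sameOriginWindow),
  nameProbe: outcome(() => descriptor("name").get.call(crossOriginWindow)),
  documentProbe: outcome(() => descriptor("document").get.call(crossOriginWindow)),
  documentHasGetter: typeof descriptor("document").get === "function",
};
console.log(results);
```

Both cross-origin probes come back without leaking, but only the `name` probe runs a getter; the `document` probe throws because a value descriptor has no `get` to call.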
Comment 7 Darin Adler 2016-02-06 08:25:46 PST
Comment on attachment 270787
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review

> Source/JavaScriptCore/runtime/JSObject.cpp:2586
>      /* Workaround, JSDOMWindow::getOwnPropertySlot searches the prototype chain. :-( */

Since you are touching this, I suggest modernizing this comment too. I don’t think it’s clear at all. And it’s a /* */ comment too!
Comment 8 Chris Dumez 2016-02-06 10:12:21 PST
Committed r196220: <http://trac.webkit.org/changeset/196220>