Bug 159756

Summary: Object.prototype.__proto__ getter still provides access to WindowProxy
Product: WebKit
Reporter: Mark S. Miller <erights>
Component: JavaScriptCore
Assignee: Saam Barati <saam>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: erights, keith_miller, mark.lam, saam
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments: Screenshot of failure on r203223 in debugger console (flags: none)

Description Mark S. Miller 2016-07-13 23:57:41 PDT
Re https://bugs.webkit.org/show_bug.cgi?id=141865 , the underlying problem remains. At https://bugs.webkit.org/show_bug.cgi?id=141865#c11 I write:



The more interesting case is:

>>> (function(){'use strict'; var g = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get; return g();})();

so that g is obtained from a local environment record rather than the global one. On this, FF Nightly 50.0a1 (2016-07-13) correctly throws

TypeError: get __proto__ method called on incompatible undefined

whereas WebKit Nightly 9.1.1 (11601.6.17, r203190) returns the WindowPrototype, which is just as dangerous as ever.


At https://bugs.webkit.org/show_bug.cgi?id=141865#c9 Brent asked me to open a new bug if this is still a problem. Hence this new bug.
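
A regression probe for the behaviour described in this report, as an added example that is not part of the original report or of WebKit's own tests: it calls the `__proto__` getter and setter with a missing or null receiver and checks that each call throws a TypeError instead of handing back an object. The names `classify`, `probeProtoAccessors` and `isSafe` are illustrative.

```javascript
// Added example: receiver checks on the Object.prototype.__proto__ accessors.
// All function names here are illustrative, not WebKit's.
const desc = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');

// Run one call and classify how the engine handled the receiver.
function classify(thunk) {
  let value;
  try {
    value = thunk();
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other-error:' + e.name;
  }
  // No exception: the accessor accepted a receiver that is not an object.
  const g = globalThis;
  if (value === g || value === Object.getPrototypeOf(g)) return 'leaked-global';
  return 'returned:' + typeof value;
}

function probeProtoAccessors() {
  'use strict';
  // Local bindings, so the bare calls below carry no receiver (the report's case).
  const get = desc.get;
  const set = desc.set;
  // Passing the global's current prototype keeps the setter probes a no-op
  // even on an engine that wrongly falls back to the global object.
  const same = Object.getPrototypeOf(globalThis);
  // Control: with a real object receiver the getter must still work.
  const marker = {};
  return {
    getBare: classify(() => get()),
    getUndefined: classify(() => get.call(undefined)),
    getNull: classify(() => get.call(null)),
    setBare: classify(() => set(same)),
    setNull: classify(() => set.call(null, same)),
    control: get.call(Object.create(marker)) === marker,
  };
}

// True only when every receiver-less call threw TypeError and the control passed.
function isSafe(r) {
  const probes = ['getBare', 'getUndefined', 'getNull', 'setBare', 'setNull'];
  return r.control && probes.every((k) => r[k] === 'TypeError');
}

console.log(probeProtoAccessors(), isSafe(probeProtoAccessors()));
```
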
Comment 1 Keith Miller 2016-07-14 10:07:36 PDT
On r203223 I get the following output.

>>> (function(){'use strict'; var g = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get; return g();})();
Exception: TypeError: Can't convert undefined or null to object

Is this incorrect?
Comment 2 Mark S. Miller 2016-07-14 15:33:56 PDT
Created attachment 283694
Screenshot of failure on r203223 in debugger console
Comment 3 Mark S. Miller 2016-07-14 15:35:22 PDT
That's not the behavior I am seeing in WebKit Nightly just now on 9.1.1 (11601.6.17, r203223). See the attached screenshot.
Comment 4 Mark S. Miller 2016-07-14 15:37:59 PDT
In that screenshot, never mind the red line about a failure to load above the real example. That is completely unrelated.
Comment 5 Mark S. Miller 2018-07-25 07:57:07 PDT
Can this bug be closed now? I think the issues are fixed.