Bug 213075

Summary: RegExp.prototype getters should throw on cross-realm access
Product: WebKit Reporter: Alexey Shvayka <ashvayka>
Component: JavaScriptCoreAssignee: Alexey Shvayka <ashvayka>
Status: RESOLVED FIXED    
Severity: Trivial CC: ews-watchlist, keith_miller, littledan, mark.lam, msaboff, ross.kirsling, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch none

Alexey Shvayka
Reported 2020-06-11 08:00:25 PDT
RegExp.prototype getters should throw on cross-realm access
Attachments
Patch (9.29 KB, patch)
2020-06-11 08:01 PDT, Alexey Shvayka 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Shvayka
Comment 1 2020-06-11 08:01:49 PDT
Created attachment 401644 [details] Patch
Saam Barati
Comment 2 2020-06-11 09:19:02 PDT
Comment on attachment 401644 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=401644&action=review > Source/JavaScriptCore/runtime/RegExpPrototype.cpp:242 > + if (thisValue == globalObject->regExpPrototype()) Which realm is used by the spec? The realm from the object? Or the realm of the static code running? This is using the latter. Is that intentional?
Alexey Shvayka
Comment 3 2020-06-11 09:32:45 PDT
(In reply to Saam Barati from comment #2) > Comment on attachment 401644 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=401644&action=review > > > Source/JavaScriptCore/runtime/RegExpPrototype.cpp:242 > > + if (thisValue == globalObject->regExpPrototype()) > > Which realm is used by the spec? The realm from the object? Or the realm of > the static code running? This is using the latter. Is that intentional? The spec uses realm of static code (of a getter). Otherwise, the check would never fail: if `object` is a %RegExp.prototype%, `object.realm.RegExp.prototype` is `object` itself.
EWS
Comment 4 2020-06-11 10:24:00 PDT
Committed r262908: <https://trac.webkit.org/changeset/262908> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401644 [details].
Radar WebKit Bug Importer
Comment 5 2020-06-11 10:24:17 PDT
<rdar://problem/64259571>
Note You need to log in before you can comment on or make changes to this bug.