Bug 153925 - Object.getOwnPropertyDescriptor() does not work on sub-frame's window
Summary: Object.getOwnPropertyDescriptor() does not work on sub-frame's window
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Bindings (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: WebExposed
Depends on:
Blocks:
 
Reported: 2016-02-05 12:37 PST by Chris Dumez
Modified: 2016-02-06 10:12 PST (History)
11 users (show)

See Also:


Attachments
Patch (5.92 KB, patch)
2016-02-05 15:29 PST, Chris Dumez
no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews102 for mac-yosemite (758.87 KB, application/zip)
2016-02-05 16:15 PST, Build Bot
no flags Details
Patch (36.60 KB, patch)
2016-02-05 16:16 PST, Chris Dumez
no flags Details | Formatted Diff | Diff
Patch (42.11 KB, patch)
2016-02-05 19:25 PST, Chris Dumez
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2016-02-05 12:37:35 PST
Object.getOwnPropertyDescriptor() does not work on sub-frame's windows, it returns undefined in WebKit but works as expected in Firefox and Chrome.
Comment 1 Chris Dumez 2016-02-05 15:29:19 PST
Created attachment 270776 [details]
Patch
Comment 2 Build Bot 2016-02-05 16:15:08 PST
Comment on attachment 270776 [details]
Patch

Attachment 270776 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/788171

New failing tests:
http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html
Comment 3 Build Bot 2016-02-05 16:15:13 PST
Created attachment 270779 [details]
Archive of layout-test-results from ews102 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 4 Chris Dumez 2016-02-05 16:16:57 PST
Created attachment 270780 [details]
Patch
Comment 5 Chris Dumez 2016-02-05 19:25:41 PST
Created attachment 270787 [details]
Patch
Comment 6 Chris Dumez 2016-02-05 19:30:05 PST
Comment on attachment 270787 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review

> LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt:11
>  PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window, "document").get.call').

This one throws instead of returning undefined and logging a console message. This is because Object.getOwnPropertyDescriptor(window, "document") currently returns a 'value' descriptor instead of a getter/setter one (which does not match the spec or Firefox).

> LayoutTests/http/tests/security/cross-origin-window-property-access.html:30
> +    shouldThrowOrReturnUndefined('Object.getOwnPropertyDescriptor(window, "name").get.call(crossOriginWindow)');

Following Gavin's suggestion, I added more cross-origin getter tests to make sure we don't bypass origin checks.
Comment 7 Darin Adler 2016-02-06 08:25:46 PST
Comment on attachment 270787 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270787&action=review

> Source/JavaScriptCore/runtime/JSObject.cpp:2586
>      /* Workaround, JSDOMWindow::getOwnPropertySlot searches the prototype chain. :-( */

Since you are touching this, I suggest modernizing this comment too. I don’t think it’s clear at all. And it’s a /* */ comment too!
Comment 8 Chris Dumez 2016-02-06 10:12:21 PST
Committed r196220: <http://trac.webkit.org/changeset/196220>