Bug 161396 - Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: WebExposed
Reported: 2016-08-30 12:44 PDT by Chris Dumez
Modified: 2016-08-31 13:44 PDT

Attachments
Patch (7.08 KB, patch)
2016-08-30 12:47 PDT, Chris Dumez
no flags
Patch (7.07 KB, patch)
2016-08-30 12:51 PDT, Chris Dumez
rniwa: review+

Description Chris Dumez 2016-08-30 12:44:22 PDT
Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object:
- https://html.spec.whatwg.org/#windowproxy-setprototypeof
- https://html.spec.whatwg.org/#location-setprototypeof
- http://www.ecma-international.org/ecma-262/6.0/#sec-object.setprototypeof (step 7)

Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message.
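
The difference between the two behaviours in the description, as an added example that is not part of the original bug report or the WebKit patch. The Proxy stand-ins are constructed for illustration (a real cross-origin Window cannot be created outside a browser), and all function names are hypothetical.

```javascript
// Added illustration; the stand-in objects are constructed, not WebKit code.

// Stand-in whose [[SetPrototypeOf]] reports failure (returns false), which
// makes Object.setPrototypeOf() throw a TypeError at step 7 of ES6 19.1.2.18.
function makeRefusingStandIn() {
  return new Proxy({}, { setPrototypeOf: () => false });
}

// Stand-in for the behaviour the bug reports: the call is ignored, success
// is reported to the caller, and the prototype stays as it was.
function makeIgnoringStandIn() {
  return new Proxy({}, { setPrototypeOf: () => true });
}

// Classify how `target` reacts to Object.setPrototypeOf(target, proto).
// Pass a `proto` that differs from the target's current prototype.
function probeSetPrototypeOf(target, proto) {
  const before = Reflect.getPrototypeOf(target);
  try {
    Object.setPrototypeOf(target, proto);
  } catch (e) {
    return e instanceof TypeError ? "throws TypeError" : "throws " + e.name;
  }
  const after = Reflect.getPrototypeOf(target);
  if (after === proto) return "prototype changed";
  return after === before ? "silently ignored" : "changed to something else";
}

// Run the probe over each kind of target and collect the verdicts.
function runProbes() {
  return {
    refusing: probeSetPrototypeOf(makeRefusingStandIn(), {}),
    ignoring: probeSetPrototypeOf(makeIgnoringStandIn(), {}),
    ordinary: probeSetPrototypeOf({}, {}),
    frozen: probeSetPrototypeOf(Object.preventExtensions({}), {}),
  };
}

console.log(runProbes());
```

A regression test for this bug would want the "throws TypeError" verdict; "silently ignored" is the case a caller cannot detect without re-reading the prototype.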
Comment 1 Chris Dumez 2016-08-30 12:47:21 PDT
Created attachment 287421
Patch
Comment 2 Chris Dumez 2016-08-30 12:51:13 PDT
Created attachment 287423
Patch
Comment 3 Boris Zbarsky 2016-08-30 13:08:43 PDT
Object.setPrototypeOf should throw on a same-origin Window too (but not on same-origin Location).
Comment 4 Chris Dumez 2016-08-30 13:20:26 PDT
(In reply to comment #3)
> Object.setPrototypeOf should throw on a same-origin Window too (but not on
> same-origin Location).

As mentioned in the ChangeLog, I intentionally did not change the same-origin case in this patch. I'll consider making this change in a follow-up.

Also, could you clarify why it would throw for same-origin Location? The specification for Location and Window seems identical:
- https://html.spec.whatwg.org/#windowproxy-setprototypeof
- https://html.spec.whatwg.org/#location-setprototypeof
Comment 5 Boris Zbarsky 2016-08-30 14:31:10 PDT
> I'll consider making this change in a follow-up.

Ah, ok.

> Also, could you clarify why it would throw for same-origin Location? 

I assume that's missing a negative somewhere...

I was wrong.  It looks like the spec says to throw for Object.setPrototypeOf on a same-origin location (and at least Gecko does in fact do that).
Comment 6 Ryosuke Niwa 2016-08-30 15:48:09 PDT
Comment on attachment 287423
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=287423&action=review

> Source/JavaScriptCore/runtime/ObjectConstructor.cpp:233
> +        throwTypeError(exec, ASCIILiteral("permission denied"));
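
Review bot: the message on the added throwTypeError line, "permission denied", does not say which operation was refused, so a developer who sees it in the console cannot tell it came from Object.setPrototypeOf(). Consider a message that names the operation, and keep it free of any detail about the target object, since the caller may be cross-origin. It is also worth confirming that the function returns immediately after this throw; the quoted line alone does not show it.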

Capitalize p?
Comment 7 Chris Dumez 2016-08-30 15:51:39 PDT
Committed r205205: <http://trac.webkit.org/changeset/205205>