RESOLVED FIXED 161396
Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object
https://bugs.webkit.org/show_bug.cgi?id=161396
Chris Dumez
Reported 2016-08-30 12:44:22 PDT
Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object:
- https://html.spec.whatwg.org/#windowproxy-setprototypeof
- https://html.spec.whatwg.org/#location-setprototypeof
- http://www.ecma-international.org/ecma-262/6.0/#sec-object.setprototypeof (step 7)

Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message.
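
Added example, not part of the original report or of WebKit's code: the two behaviours contrasted in the report, modelled with Proxy stand-ins so they run outside a browser. The helper names (`makeRefusingObject`, `makeSilentlyIgnoringObject`, `probeSetPrototypeOf`) are hypothetical, and the Proxies only approximate a cross-origin Window / Location.

```javascript
// Constructed stand-ins; a real cross-origin Window is a browser exotic object.
function makeRefusingObject() {
  // [[SetPrototypeOf]] reports failure, so Object.setPrototypeOf() must throw
  // a TypeError (step 7 of the ES6 algorithm linked in the report).
  return new Proxy({}, { setPrototypeOf() { return false; } });
}

function makeSilentlyIgnoringObject(log) {
  // Models the behaviour the report wants gone: log a message, change
  // nothing, and let the caller believe the call succeeded.
  return new Proxy({}, {
    setPrototypeOf() {
      log.push('blocked setPrototypeOf');
      return true;
    },
  });
}

// Hypothetical helper: classify how an object reacts to Object.setPrototypeOf().
function probeSetPrototypeOf(obj) {
  const candidate = { marker: true };
  try {
    Object.setPrototypeOf(obj, candidate);
  } catch (e) {
    if (e instanceof TypeError) return 'throws';
    throw e; // anything else is unexpected
  }
  return Object.getPrototypeOf(obj) === candidate ? 'changed' : 'silently-ignored';
}

const log = [];
const results = {
  refusing: probeSetPrototypeOf(makeRefusingObject()),
  ignoring: probeSetPrototypeOf(makeSilentlyIgnoringObject(log)),
  ordinary: probeSetPrototypeOf({}),
  // Reflect.setPrototypeOf() surfaces the same failure as a boolean, no throw.
  reflect: Reflect.setPrototypeOf(makeRefusingObject(), {}),
};
console.log(results, log);
```

A caller that sees `silently-ignored` cannot tell that its prototype change was rejected, which is why the throwing behaviour is the one a regression test should pin down.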
Attachments
Patch (7.08 KB, patch)
2016-08-30 12:47 PDT, Chris Dumez
no flags
Patch (7.07 KB, patch)
2016-08-30 12:51 PDT, Chris Dumez
rniwa: review+
Chris Dumez
Comment 1 2016-08-30 12:47:21 PDT
Chris Dumez
Comment 2 2016-08-30 12:51:13 PDT
Boris Zbarsky
Comment 3 2016-08-30 13:08:43 PDT
Object.setPrototypeOf should throw on a same-origin Window too (but not on same-origin Location).
Chris Dumez
Comment 4 2016-08-30 13:20:26 PDT
(In reply to comment #3)
> Object.setPrototypeOf should throw on a same-origin Window too (but not on
> same-origin Location).

As mentioned in the ChangeLog, I intentionally did not change the same-origin case in this patch. I'll consider making this change in a follow-up.

Also, could you clarify why it would throw for same-origin Location? The specification for Location and Window seems identical:
- https://html.spec.whatwg.org/#windowproxy-setprototypeof
- https://html.spec.whatwg.org/#location-setprototypeof
Boris Zbarsky
Comment 5 2016-08-30 14:31:10 PDT
> I'll consider making this change in a follow-up.

Ah, ok.

> Also, could you clarify why it would throw for same-origin Location?

I assume that's missing a negative somewhere... I was wrong. It looks like the spec says to throw for Object.setPrototypeOf on a same-origin location (and at least Gecko does in fact do that).
Ryosuke Niwa
Comment 6 2016-08-30 15:48:09 PDT
Comment on attachment 287423
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=287423&action=review

> Source/JavaScriptCore/runtime/ObjectConstructor.cpp:233
> + throwTypeError(exec, ASCIILiteral("permission denied"));

Capitalize p?
Chris Dumez
Comment 7 2016-08-30 15:51:39 PDT