Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object: - https://html.spec.whatwg.org/#windowproxy-setprototypeof - https://html.spec.whatwg.org/#location-setprototypeof - http://www.ecma-international.org/ecma-262/6.0/#sec-object.setprototypeof (step 7) Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message.
Created attachment 287421 [details] Patch
Created attachment 287423 [details] Patch
Object.setPrototypeOf should throw on a same-origin Window too (but not on same-origin Location).
(In reply to comment #3) > Object.setPrototypeOf should throw on a same-origin Window too (but not on > same-origin Location). As mentioned in the ChangeLog, I intentionally did not change the same-origin case in this patch. I'll consider making this change in a follow-up. Also, could you clarify why it would throw for same-origin Location? The specification for Location and Window seems identical: - https://html.spec.whatwg.org/#windowproxy-setprototypeof - https://html.spec.whatwg.org/#location-setprototypeof
> I'll consider making this change in a follow-up. Ah, ok. > Also, could you clarify why it would throw for same-origin Location? I assume that's missing a negative somewhere... I was wrong. It looks like the spec says to throw for Object.setPrototypeOf on a same-origin location (and at least Gecko does in fact do that).
Comment on attachment 287423 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=287423&action=review > Source/JavaScriptCore/runtime/ObjectConstructor.cpp:233 > + throwTypeError(exec, ASCIILiteral("permission denied")); Capitalize p?
Committed r205205: <http://trac.webkit.org/changeset/205205>