RESOLVED FIXED 162311
Object.getOwnPropertyDescriptor() does not work correctly cross origin
https://bugs.webkit.org/show_bug.cgi?id=162311
Chris Dumez
Reported 2016-09-20 11:39:13 PDT
Object.getOwnPropertyDescriptor() does not work correctly cross origin. In particular:
- We return value descriptors for attributes instead of getter/setter descriptors
- attributes / operations are wrongly marked as non-configurable

Corresponding specification:
- https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
- https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-)

W3C test: http://w3c-test.org/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
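Added example, not part of the bug report or the WebKit patch: a small checker for the two defects listed above, run over constructed stand-in objects. The property table (href as an attribute with no cross-origin getter, replace as an operation) is an assumption drawn from the linked CrossOriginProperties section, and all function names are hypothetical.

```javascript
// Assumed table: the Location entries of the spec's CrossOriginProperties list.
const LOCATION_CROSS_ORIGIN = new Map([["href", "attribute"], ["replace", "operation"]]);

// Check one result of Object.getOwnPropertyDescriptor(obj, name) against the
// two requirements in the report. Returns a list of violations (empty = OK).
function checkCrossOriginDescriptor(name, desc, table = LOCATION_CROSS_ORIGIN) {
  const kind = table.get(name);
  if (kind === undefined) return [`${name}: not in the cross-origin property table`];
  if (desc === undefined) return [`${name}: no descriptor returned`];
  const problems = [];
  const isAccessor = "get" in desc || "set" in desc;
  if (kind === "attribute" && !isAccessor) {
    problems.push(`${name}: attribute needs a getter/setter descriptor, got a value descriptor`);
  }
  if (kind === "operation" && (isAccessor || typeof desc.value !== "function")) {
    problems.push(`${name}: operation needs a value descriptor holding a function`);
  }
  if (desc.configurable !== true) problems.push(`${name}: marked non-configurable`);
  return problems;
}

// Audit every property in the table on one object.
function audit(obj, table = LOCATION_CROSS_ORIGIN) {
  return [...table.keys()].flatMap((name) =>
    checkCrossOriginDescriptor(name, Object.getOwnPropertyDescriptor(obj, name), table));
}

// Constructed stand-ins for a cross-origin Location (no browser required).
function sampleObjects() {
  const buggy = {}, fixed = {};
  // Behaviour described in the report: value descriptor, non-configurable.
  Object.defineProperty(buggy, "href", { value: "https://example.test/", configurable: false });
  Object.defineProperty(buggy, "replace", { value() {}, configurable: false });
  // Expected shape: accessor for the attribute (setter only), configurable.
  Object.defineProperty(fixed, "href", { get: undefined, set(v) {}, configurable: true });
  Object.defineProperty(fixed, "replace", { value() {}, writable: false, configurable: true });
  return { buggy, fixed };
}

console.log(audit(sampleObjects().buggy));
console.log(audit(sampleObjects().fixed));
```

In a browser test page, the same audit() can be pointed at the location object of a cross-origin frame instead of the stand-ins.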
Attachments
Patch (23.71 KB, patch)
2016-09-20 14:37 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2016-09-20 14:37:37 PDT
Chris Dumez
Comment 2 2016-09-20 16:01:57 PDT
Comment on attachment 289398 [details]
Patch

Geoff, would you mind taking a look?
Chris Dumez
Comment 3 2016-09-20 18:52:27 PDT
Comment on attachment 289398 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=289398&action=review

> LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:14
> +FAIL [[Enumerate]] should return an empty iterator assert_unreached: Shouldn't have been able to enumerate href on cross-origin Location Reached unreachable code

I filed Bug 162328 for this remaining failure.
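Review bot: the "+FAIL [[Enumerate]] should return an empty iterator" line at cross-origin-objects-expected.txt:14 checks a known failure into the baseline, and its assertion text says href could still be enumerated on a cross-origin Location. Name Bug 162328 in the change description for this file, so that whoever fixes the enumeration knows this expectation has to be regenerated rather than read as a regression.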
WebKit Commit Bot
Comment 4 2016-09-21 11:25:48 PDT
Comment on attachment 289398 [details]
Patch

Clearing flags on attachment: 289398

Committed r206221: <http://trac.webkit.org/changeset/206221>
WebKit Commit Bot
Comment 5 2016-09-21 11:25:55 PDT
All reviewed patches have been landed. Closing bug.
Chris Dumez
Comment 6 2016-09-21 13:08:48 PDT
Comment on attachment 289398 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=289398&action=review

> Source/WebCore/bindings/js/JSLocationCustom.cpp:60
> +    // Getting location.href cross origin needs to throw. However, getOwnPropertyDescriptor() needs to return

I filed https://github.com/whatwg/html/issues/1807 so that this behavior gets clarified at specification level.
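Review bot: the comment added at JSLocationCustom.cpp:60 records that reading location.href cross origin throws while getOwnPropertyDescriptor() is handled differently, but it gives no pointer to where that asymmetry is specified. Since the behaviour is awaiting clarification in https://github.com/whatwg/html/issues/1807, cite that issue in the code comment so the special case can be revisited once the specification text settles.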