Object.getOwnPropertyDescriptor() does not work correctly cross origin. In particular: - We return value descriptors for attributes instead of getter/setter descriptors - attributes / operations are wrongly marked as non-configurable Corresponding specification: - https://html.spec.whatwg.org/#crossoriginproperties-(-o-) - https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-) W3C test: http://w3c-test.org/html/browsers/origin/cross-origin-objects/cross-origin-objects.html
Created attachment 289398 [details] Patch
Comment on attachment 289398 [details] Patch Geoff, would you mind taking a look?
Comment on attachment 289398 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=289398&action=review > LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:14 > +FAIL [[Enumerate]] should return an empty iterator assert_unreached: Shouldn't have been able to enumerate href on cross-origin Location Reached unreachable code I filed Bug 162328 for this remaining failure.
Comment on attachment 289398 [details] Patch Clearing flags on attachment: 289398 Committed r206221: <http://trac.webkit.org/changeset/206221>
All reviewed patches have been landed. Closing bug.
Comment on attachment 289398 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=289398&action=review > Source/WebCore/bindings/js/JSLocationCustom.cpp:60 > + // Getting location.href cross origin needs to throw. However, getOwnPropertyDescriptor() needs to return I filed https://github.com/whatwg/html/issues/1807 so that this behavior gets clarified at specification level.