Changeset 222175 in webkit for trunk/Source/JavaScriptCore/API


Timestamp:
Sep 18, 2017, 1:06:34 PM
Author:
Yusuke Suzuki
Message:

[JSC] Consider dropping JSObjectSetPrototype feature for JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=177070

Reviewed by Saam Barati.

Due to security reasons, our global object is an immutable prototype exotic object.
It prevents users from injecting proxies into the prototype chain of the global object[1].
But our JSC API does not respect this attribute, and allows users to change Prototype
of the global object after instantiating it.

This patch removes this feature. Once the global object is instantiated, we cannot change the Prototype
of the global object. It drops the JSGlobalObject::resetPrototype use, which involves GlobalThis
edge cases.

[1]: https://github.com/tc39/ecma262/commit/935dad4283d045bc09c67a259279772d01b3d33d

  • API/JSObjectRef.cpp:

(JSObjectSetPrototype):

  • API/tests/CustomGlobalObjectClassTest.c:

(globalObjectSetPrototypeTest):
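The immutable-prototype semantics the commit message relies on, shown from the JavaScript side as an added example (it is not part of this changeset or of WebKit). Object.prototype is specified as an immutable prototype exotic object, so it behaves the same in every engine, whereas making the global object one is a host decision (JSC's global object is, per the message above; Node's globalThis is not), so the probe below uses Object.prototype as the immutable case and a plain object as the mutable one. The `probeSetPrototype` name, the logging proxy and the result fields are assumptions of this example.

```javascript
// Added example, not from the WebKit changeset: probes how [[SetPrototypeOf]]
// behaves on an immutable prototype exotic object versus an ordinary object.
// Object.prototype is immutable by specification; JSC's global object is
// immutable by JSC's choice, which is the property this patch makes the
// C API honour.

function probeSetPrototype(target) {
  const original = Object.getPrototypeOf(target);

  // The kind of object one would not want on the chain: a proxy that
  // intercepts every lookup that falls through to the prototype.
  const snoop = new Proxy({}, {
    get(_t, key) { return `intercepted:${String(key)}`; },
  });

  // Reflect.setPrototypeOf reports rejection as `false` rather than throwing.
  const reflectAccepted = Reflect.setPrototypeOf(target, snoop);

  // Object.setPrototypeOf turns the same rejection into a TypeError.
  let threwTypeError = false;
  try {
    Object.setPrototypeOf(target, snoop);
  } catch (e) {
    threwTypeError = e instanceof TypeError;
  }

  // Setting the prototype to its *current* value is allowed on every object,
  // immutable ones included (the SameValue short-circuit in the spec).
  const sameValueAccepted =
    Reflect.setPrototypeOf(target, Object.getPrototypeOf(target));

  return {
    reflectAccepted,
    threwTypeError,
    sameValueAccepted,
    prototypeUnchanged: Object.getPrototypeOf(target) === original,
  };
}

// Immutable case: both attempts are rejected and the chain is untouched.
const immutableCase = probeSetPrototype(Object.prototype);
// Ordinary case: the proxy lands on the chain on the first attempt.
const ordinaryCase = probeSetPrototype({});
console.log('Object.prototype:', immutableCase);
console.log('plain object:    ', ordinaryCase);
```

After this changeset, JSObjectSetPrototype on a JSC global object corresponds to the Object.prototype row of this probe (the request is rejected and [[Prototype]] is unchanged), not to the plain-object row, which is exactly what the updated CustomGlobalObjectClassTest asserts.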

Location:
trunk/Source/JavaScriptCore/API
Files:
2 edited

  • trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

    r222017 r222175  
    268268    JSObject* jsObject = toJS(object);
    269269    JSValue jsValue = toJS(exec, value);
    270 
    271     if (JSProxy* proxy = jsDynamicCast<JSProxy*>(vm, jsObject)) {
    272         if (JSGlobalObject* globalObject = jsDynamicCast<JSGlobalObject*>(vm, proxy->target())) {
    273             globalObject->resetPrototype(vm, jsValue.isObject() ? jsValue : jsNull());
    274             return;
    275         }
    276         // Someday we might use proxies for something other than JSGlobalObjects, but today is not that day.
    277         RELEASE_ASSERT_NOT_REACHED();
    278     }
    279270    jsObject->setPrototype(vm, exec, jsValue.isObject() ? jsValue : jsNull());
     271    handleExceptionIfNeeded(exec, nullptr);
    280272}
    281273
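Review bot: the rejection in the new code path is invisible to the API caller. `jsObject->setPrototype(vm, exec, ...)` returns a bool that is discarded, and `handleExceptionIfNeeded(exec, nullptr)` passes a null exception out-parameter, so when `jsObject` is the JSProxy wrapping the global object the call is now a silent no-op: the [[Prototype]] stays as it was and nothing is reported. That is the intended behaviour per the commit message, but it should be documented on JSObjectSetPrototype in JSObjectRef.h (for example "Has no effect on a global object, whose [[Prototype]] is fixed at creation"), so clients that relied on the removed resetPrototype path learn why their prototype chain is unchanged. Separately, dropping the `RELEASE_ASSERT_NOT_REACHED()` branch turns a crash into a fall-through: the old code asserted that every JSProxy reaching this point wraps a JSGlobalObject, and the new code no longer checks, so a proxy with some other target would now take the generic setPrototype path. If that invariant still holds, an ASSERT (or a comment) would keep it on record.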
  • trunk/Source/JavaScriptCore/API/tests/CustomGlobalObjectClassTest.c

    r216914 r222175  
    111111    JSObjectRef object = JSContextGetGlobalObject(context);
    112112
     113    JSValueRef originalPrototype = JSObjectGetPrototype(context, object);
    113114    JSObjectRef above = JSObjectMake(context, 0, 0);
    114     JSStringRef test = JSStringCreateWithUTF8CString("test");
    115     JSValueRef value = JSValueMakeString(context, test);
    116     JSObjectSetProperty(context, above, test, value, kJSPropertyAttributeDontEnum, 0);
    117 
    118115    JSObjectSetPrototype(context, object, above);
    119     JSStringRef script = JSStringCreateWithUTF8CString("test === \"test\"");
    120     JSValueRef result = JSEvaluateScript(context, script, 0, 0, 0, 0);
    121 
    122     assertTrue(JSValueToBoolean(context, result), "test === \"test\"");
    123 
    124     JSStringRelease(test);
    125     JSStringRelease(script);
     116    JSValueRef prototypeAfterChangingAttempt = JSObjectGetPrototype(context, object);
     117    assertTrue(JSValueIsStrictEqual(context, prototypeAfterChangingAttempt, originalPrototype), "Global object's [[Prototype]] cannot be changed after instantiating it");
    126118}
    127119
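Review bot: the new assertion proves the global object's [[Prototype]] is unchanged, but the test no longer exercises a prototype that should be settable, so a regression that made JSObjectSetPrototype a no-op for every object would still pass. Consider keeping the removed `test` property setup on a second ordinary object created with JSObjectMake and asserting that JSObjectSetPrototype on it does take effect, the way the removed `test === "test"` script did for the global object before this change. Also, `above` is now an empty object whose only role is to be the rejected prototype; a one-line comment saying so would make the intent of the remaining `JSObjectMake(context, 0, 0)` clear to the next reader.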