Changeset 222175 in webkit for trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

Timestamp:

Sep 18, 2017, 1:06:34 PM (8 years ago)

Author:

Yusuke Suzuki

Message:

[JSC] Consider dropping JSObjectSetPrototype feature for JSGlobalObject
​https://bugs.webkit.org/show_bug.cgi?id=177070

Reviewed by Saam Barati.

Due to the security reason, our global object is immutable prototype exotic object.
It prevents users from injecting proxies into the prototype chain of the global object[1].
But our JSC API does not respect this attribute, and allows users to change Prototype
of the global object after instantiating it.

This patch removes this feature. Once global object is instantiated, we cannot change Prototype
of the global object. It drops JSGlobalObject::resetPrototype use, which involves GlobalThis
edge cases.

[1]: ​https://github.com/tc39/ecma262/commit/935dad4283d045bc09c67a259279772d01b3d33d

• API/JSObjectRef.cpp:

(JSObjectSetPrototype):

• API/tests/CustomGlobalObjectClassTest.c:

(globalObjectSetPrototypeTest):

File:

• trunk/Source/JavaScriptCore/API/JSObjectRef.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

@@ -268 +268 @@
     JSObject* jsObject = toJS(object);
     JSValue jsValue = toJS(exec, value);
-
-    if (JSProxy* proxy = jsDynamicCast<JSProxy*>(vm, jsObject)) {
-        if (JSGlobalObject* globalObject = jsDynamicCast<JSGlobalObject*>(vm, proxy->target())) {
-            globalObject->resetPrototype(vm, jsValue.isObject() ? jsValue : jsNull());
-            return;
-        }
-        // Someday we might use proxies for something other than JSGlobalObjects, but today is not that day.
-        RELEASE_ASSERT_NOT_REACHED();
-    }
     jsObject->setPrototype(vm, exec, jsValue.isObject() ? jsValue : jsNull());
+    handleExceptionIfNeeded(exec, nullptr);
 }