Handlify JSObject::CanSetCallback.
Also use temporary wrapper functions where possible to mark progress. R=ishell@chromium.org Review URL: https://codereview.chromium.org/172503002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19743 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
yangguo@chromium.org
parent
4826aa7af2
commit
469428e610
@ -31,7 +31,7 @@
|
|||||||
'console%': '',
|
'console%': '',
|
||||||
# Enable support for Intel VTune. Supported on ia32/x64 only
|
# Enable support for Intel VTune. Supported on ia32/x64 only
|
||||||
'v8_enable_vtunejit%': 0,
|
'v8_enable_vtunejit%': 0,
|
||||||
'v8_enable_i18n_support%': 0,
|
'v8_enable_i18n_support%': 1,
|
||||||
'v8_toolset_for_d8%': 'target',
|
'v8_toolset_for_d8%': 'target',
|
||||||
},
|
},
|
||||||
'includes': ['../build/toolchain.gypi', '../build/features.gypi'],
|
'includes': ['../build/toolchain.gypi', '../build/features.gypi'],
|
||||||
|
|||||||
@ -537,10 +537,10 @@ Handle<FixedArray> GetKeysInFixedArrayFor(Handle<JSReceiver> object,
|
|||||||
|
|
||||||
// Check access rights if required.
|
// Check access rights if required.
|
||||||
if (current->IsAccessCheckNeeded() &&
|
if (current->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*current,
|
!isolate->MayNamedAccessWrapper(current,
|
||||||
isolate->heap()->undefined_value(),
|
isolate->factory()->undefined_value(),
|
||||||
v8::ACCESS_KEYS)) {
|
v8::ACCESS_KEYS)) {
|
||||||
isolate->ReportFailedAccessCheck(*current, v8::ACCESS_KEYS);
|
isolate->ReportFailedAccessCheckWrapper(current, v8::ACCESS_KEYS);
|
||||||
if (isolate->has_scheduled_exception()) {
|
if (isolate->has_scheduled_exception()) {
|
||||||
isolate->PromoteScheduledException();
|
isolate->PromoteScheduledException();
|
||||||
*threw = true;
|
*threw = true;
|
||||||
|
|||||||
@ -741,6 +741,10 @@ class Isolate {
|
|||||||
v8::AccessType type) {
|
v8::AccessType type) {
|
||||||
return MayIndexedAccess(*receiver, index, type);
|
return MayIndexedAccess(*receiver, index, type);
|
||||||
}
|
}
|
||||||
|
void ReportFailedAccessCheckWrapper(Handle<JSObject> receiver,
|
||||||
|
v8::AccessType type) {
|
||||||
|
ReportFailedAccessCheck(*receiver, type);
|
||||||
|
}
|
||||||
|
|
||||||
bool MayNamedAccess(JSObject* receiver,
|
bool MayNamedAccess(JSObject* receiver,
|
||||||
Object* key,
|
Object* key,
|
||||||
|
|||||||
@ -615,7 +615,7 @@ Handle<Object> JSObject::GetPropertyWithFailedAccessCheck(
|
|||||||
|
|
||||||
// No accessible property found.
|
// No accessible property found.
|
||||||
*attributes = ABSENT;
|
*attributes = ABSENT;
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_GET);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_GET);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return isolate->factory()->undefined_value();
|
return isolate->factory()->undefined_value();
|
||||||
}
|
}
|
||||||
@ -3381,6 +3381,7 @@ MaybeObject* Map::AsElementsKind(ElementsKind kind) {
|
|||||||
|
|
||||||
|
|
||||||
void JSObject::LocalLookupRealNamedProperty(Name* name, LookupResult* result) {
|
void JSObject::LocalLookupRealNamedProperty(Name* name, LookupResult* result) {
|
||||||
|
DisallowHeapAllocation no_gc;
|
||||||
if (IsJSGlobalProxy()) {
|
if (IsJSGlobalProxy()) {
|
||||||
Object* proto = GetPrototype();
|
Object* proto = GetPrototype();
|
||||||
if (proto->IsNull()) return result->NotFound();
|
if (proto->IsNull()) return result->NotFound();
|
||||||
@ -3516,7 +3517,7 @@ Handle<Object> JSObject::SetPropertyWithFailedAccessCheck(
|
|||||||
}
|
}
|
||||||
|
|
||||||
Isolate* isolate = object->GetIsolate();
|
Isolate* isolate = object->GetIsolate();
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
@ -4046,7 +4047,7 @@ Handle<Object> JSObject::SetPropertyForResult(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
|
if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
|
||||||
return SetPropertyWithFailedAccessCheck(object, lookup, name, value,
|
return SetPropertyWithFailedAccessCheck(object, lookup, name, value,
|
||||||
true, strict_mode);
|
true, strict_mode);
|
||||||
}
|
}
|
||||||
@ -4180,7 +4181,7 @@ Handle<Object> JSObject::SetLocalPropertyIgnoreAttributes(
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
|
if (!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
|
||||||
return SetPropertyWithFailedAccessCheck(object, &lookup, name, value,
|
return SetPropertyWithFailedAccessCheck(object, &lookup, name, value,
|
||||||
false, kNonStrictMode);
|
false, kNonStrictMode);
|
||||||
}
|
}
|
||||||
@ -5164,8 +5165,8 @@ Handle<Object> JSObject::DeleteElement(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayIndexedAccess(*object, index, v8::ACCESS_DELETE)) {
|
!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_DELETE)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return factory->false_value();
|
return factory->false_value();
|
||||||
}
|
}
|
||||||
@ -5228,8 +5229,8 @@ Handle<Object> JSObject::DeleteProperty(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_DELETE)) {
|
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_DELETE)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_DELETE);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_DELETE);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return isolate->factory()->false_value();
|
return isolate->factory()->false_value();
|
||||||
}
|
}
|
||||||
@ -5458,10 +5459,10 @@ Handle<Object> JSObject::PreventExtensions(Handle<JSObject> object) {
|
|||||||
if (!object->map()->is_extensible()) return object;
|
if (!object->map()->is_extensible()) return object;
|
||||||
|
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object,
|
!isolate->MayNamedAccessWrapper(object,
|
||||||
isolate->heap()->undefined_value(),
|
isolate->factory()->undefined_value(),
|
||||||
v8::ACCESS_KEYS)) {
|
v8::ACCESS_KEYS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return isolate->factory()->false_value();
|
return isolate->factory()->false_value();
|
||||||
}
|
}
|
||||||
@ -5538,10 +5539,10 @@ Handle<Object> JSObject::Freeze(Handle<JSObject> object) {
|
|||||||
|
|
||||||
Isolate* isolate = object->GetIsolate();
|
Isolate* isolate = object->GetIsolate();
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object,
|
!isolate->MayNamedAccessWrapper(object,
|
||||||
isolate->heap()->undefined_value(),
|
isolate->factory()->undefined_value(),
|
||||||
v8::ACCESS_KEYS)) {
|
v8::ACCESS_KEYS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return isolate->factory()->false_value();
|
return isolate->factory()->false_value();
|
||||||
}
|
}
|
||||||
@ -6201,9 +6202,10 @@ void JSObject::DefinePropertyAccessor(Handle<JSObject> object,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool JSObject::CanSetCallback(Name* name) {
|
bool JSObject::CanSetCallback(Handle<JSObject> object, Handle<Name> name) {
|
||||||
ASSERT(!IsAccessCheckNeeded() ||
|
Isolate* isolate = object->GetIsolate();
|
||||||
GetIsolate()->MayNamedAccess(this, name, v8::ACCESS_SET));
|
ASSERT(!object->IsAccessCheckNeeded() ||
|
||||||
|
isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET));
|
||||||
|
|
||||||
// Check if there is an API defined callback object which prohibits
|
// Check if there is an API defined callback object which prohibits
|
||||||
// callback overwriting in this object or its prototype chain.
|
// callback overwriting in this object or its prototype chain.
|
||||||
@ -6211,15 +6213,15 @@ bool JSObject::CanSetCallback(Name* name) {
|
|||||||
// certain accessors such as window.location should not be allowed
|
// certain accessors such as window.location should not be allowed
|
||||||
// to be overwritten because allowing overwriting could potentially
|
// to be overwritten because allowing overwriting could potentially
|
||||||
// cause security problems.
|
// cause security problems.
|
||||||
LookupResult callback_result(GetIsolate());
|
LookupResult callback_result(isolate);
|
||||||
LookupCallbackProperty(name, &callback_result);
|
object->LookupCallbackProperty(*name, &callback_result);
|
||||||
if (callback_result.IsFound()) {
|
if (callback_result.IsFound()) {
|
||||||
Object* obj = callback_result.GetCallbackObject();
|
Object* callback_obj = callback_result.GetCallbackObject();
|
||||||
if (obj->IsAccessorInfo()) {
|
if (callback_obj->IsAccessorInfo()) {
|
||||||
return !AccessorInfo::cast(obj)->prohibits_overwriting();
|
return !AccessorInfo::cast(callback_obj)->prohibits_overwriting();
|
||||||
}
|
}
|
||||||
if (obj->IsAccessorPair()) {
|
if (callback_obj->IsAccessorPair()) {
|
||||||
return !AccessorPair::cast(obj)->prohibits_overwriting();
|
return !AccessorPair::cast(callback_obj)->prohibits_overwriting();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
@ -6326,8 +6328,8 @@ void JSObject::DefineAccessor(Handle<JSObject> object,
|
|||||||
Isolate* isolate = object->GetIsolate();
|
Isolate* isolate = object->GetIsolate();
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
|
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6351,7 +6353,7 @@ void JSObject::DefineAccessor(Handle<JSObject> object,
|
|||||||
// Try to flatten before operating on the string.
|
// Try to flatten before operating on the string.
|
||||||
if (name->IsString()) String::cast(*name)->TryFlatten();
|
if (name->IsString()) String::cast(*name)->TryFlatten();
|
||||||
|
|
||||||
if (!object->CanSetCallback(*name)) return;
|
if (!JSObject::CanSetCallback(object, name)) return;
|
||||||
|
|
||||||
uint32_t index = 0;
|
uint32_t index = 0;
|
||||||
bool is_element = name->AsArrayIndex(&index);
|
bool is_element = name->AsArrayIndex(&index);
|
||||||
@ -6518,8 +6520,8 @@ Handle<Object> JSObject::SetAccessor(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_SET)) {
|
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_SET)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return factory->undefined_value();
|
return factory->undefined_value();
|
||||||
}
|
}
|
||||||
@ -6538,7 +6540,9 @@ Handle<Object> JSObject::SetAccessor(Handle<JSObject> object,
|
|||||||
// Try to flatten before operating on the string.
|
// Try to flatten before operating on the string.
|
||||||
if (name->IsString()) FlattenString(Handle<String>::cast(name));
|
if (name->IsString()) FlattenString(Handle<String>::cast(name));
|
||||||
|
|
||||||
if (!object->CanSetCallback(*name)) return factory->undefined_value();
|
if (!JSObject::CanSetCallback(object, name)) {
|
||||||
|
return factory->undefined_value();
|
||||||
|
}
|
||||||
|
|
||||||
uint32_t index = 0;
|
uint32_t index = 0;
|
||||||
bool is_element = name->AsArrayIndex(&index);
|
bool is_element = name->AsArrayIndex(&index);
|
||||||
@ -6602,8 +6606,8 @@ Handle<Object> JSObject::GetAccessor(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object, *name, v8::ACCESS_HAS)) {
|
!isolate->MayNamedAccessWrapper(object, name, v8::ACCESS_HAS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return isolate->factory()->undefined_value();
|
return isolate->factory()->undefined_value();
|
||||||
}
|
}
|
||||||
@ -12514,8 +12518,8 @@ Handle<Object> JSObject::SetElement(Handle<JSObject> object,
|
|||||||
|
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_SET)) {
|
if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_SET)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_SET);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_SET);
|
||||||
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
RETURN_HANDLE_IF_SCHEDULED_EXCEPTION(isolate, Object);
|
||||||
return value;
|
return value;
|
||||||
}
|
}
|
||||||
@ -13343,8 +13347,8 @@ bool JSObject::HasRealNamedProperty(Handle<JSObject> object,
|
|||||||
SealHandleScope shs(isolate);
|
SealHandleScope shs(isolate);
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) {
|
if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -13360,8 +13364,8 @@ bool JSObject::HasRealElementProperty(Handle<JSObject> object, uint32_t index) {
|
|||||||
SealHandleScope shs(isolate);
|
SealHandleScope shs(isolate);
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS)) {
|
if (!isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -13385,8 +13389,8 @@ bool JSObject::HasRealNamedCallbackProperty(Handle<JSObject> object,
|
|||||||
SealHandleScope shs(isolate);
|
SealHandleScope shs(isolate);
|
||||||
// Check access rights if needed.
|
// Check access rights if needed.
|
||||||
if (object->IsAccessCheckNeeded()) {
|
if (object->IsAccessCheckNeeded()) {
|
||||||
if (!isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS)) {
|
if (!isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS)) {
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_HAS);
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_HAS);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2923,7 +2923,7 @@ class JSObject: public JSReceiver {
|
|||||||
// Gets the current elements capacity and the number of used elements.
|
// Gets the current elements capacity and the number of used elements.
|
||||||
void GetElementsCapacityAndUsage(int* capacity, int* used);
|
void GetElementsCapacityAndUsage(int* capacity, int* used);
|
||||||
|
|
||||||
bool CanSetCallback(Name* name);
|
static bool CanSetCallback(Handle<JSObject> object, Handle<Name> name);
|
||||||
static void SetElementCallback(Handle<JSObject> object,
|
static void SetElementCallback(Handle<JSObject> object,
|
||||||
uint32_t index,
|
uint32_t index,
|
||||||
Handle<Object> structure,
|
Handle<Object> structure,
|
||||||
|
|||||||
@ -1621,7 +1621,8 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetPrototype) {
|
|||||||
!isolate->MayNamedAccessWrapper(Handle<JSObject>::cast(obj),
|
!isolate->MayNamedAccessWrapper(Handle<JSObject>::cast(obj),
|
||||||
isolate->factory()->proto_string(),
|
isolate->factory()->proto_string(),
|
||||||
v8::ACCESS_GET)) {
|
v8::ACCESS_GET)) {
|
||||||
isolate->ReportFailedAccessCheck(JSObject::cast(*obj), v8::ACCESS_GET);
|
isolate->ReportFailedAccessCheckWrapper(Handle<JSObject>::cast(obj),
|
||||||
|
v8::ACCESS_GET);
|
||||||
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
||||||
return isolate->heap()->undefined_value();
|
return isolate->heap()->undefined_value();
|
||||||
}
|
}
|
||||||
@ -1747,7 +1748,7 @@ static AccessCheckResult CheckPropertyAccess(Handle<JSObject> obj,
|
|||||||
return ACCESS_ALLOWED;
|
return ACCESS_ALLOWED;
|
||||||
}
|
}
|
||||||
|
|
||||||
obj->GetIsolate()->ReportFailedAccessCheck(*obj, access_type);
|
obj->GetIsolate()->ReportFailedAccessCheckWrapper(obj, access_type);
|
||||||
return ACCESS_FORBIDDEN;
|
return ACCESS_FORBIDDEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1786,7 +1787,7 @@ static AccessCheckResult CheckPropertyAccess(Handle<JSObject> obj,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
isolate->ReportFailedAccessCheck(*obj, access_type);
|
isolate->ReportFailedAccessCheckWrapper(obj, access_type);
|
||||||
return ACCESS_FORBIDDEN;
|
return ACCESS_FORBIDDEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5743,10 +5744,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
|
|||||||
if (obj->IsJSGlobalProxy()) {
|
if (obj->IsJSGlobalProxy()) {
|
||||||
// Only collect names if access is permitted.
|
// Only collect names if access is permitted.
|
||||||
if (obj->IsAccessCheckNeeded() &&
|
if (obj->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*obj,
|
!isolate->MayNamedAccessWrapper(obj,
|
||||||
isolate->heap()->undefined_value(),
|
isolate->factory()->undefined_value(),
|
||||||
v8::ACCESS_KEYS)) {
|
v8::ACCESS_KEYS)) {
|
||||||
isolate->ReportFailedAccessCheck(*obj, v8::ACCESS_KEYS);
|
isolate->ReportFailedAccessCheckWrapper(obj, v8::ACCESS_KEYS);
|
||||||
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
||||||
return *isolate->factory()->NewJSArray(0);
|
return *isolate->factory()->NewJSArray(0);
|
||||||
}
|
}
|
||||||
@ -5763,10 +5764,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_GetLocalPropertyNames) {
|
|||||||
for (int i = 0; i < length; i++) {
|
for (int i = 0; i < length; i++) {
|
||||||
// Only collect names if access is permitted.
|
// Only collect names if access is permitted.
|
||||||
if (jsproto->IsAccessCheckNeeded() &&
|
if (jsproto->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*jsproto,
|
!isolate->MayNamedAccessWrapper(jsproto,
|
||||||
isolate->heap()->undefined_value(),
|
isolate->factory()->undefined_value(),
|
||||||
v8::ACCESS_KEYS)) {
|
v8::ACCESS_KEYS)) {
|
||||||
isolate->ReportFailedAccessCheck(*jsproto, v8::ACCESS_KEYS);
|
isolate->ReportFailedAccessCheckWrapper(jsproto, v8::ACCESS_KEYS);
|
||||||
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
||||||
return *isolate->factory()->NewJSArray(0);
|
return *isolate->factory()->NewJSArray(0);
|
||||||
}
|
}
|
||||||
@ -5914,9 +5915,10 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_LocalKeys) {
|
|||||||
if (object->IsJSGlobalProxy()) {
|
if (object->IsJSGlobalProxy()) {
|
||||||
// Do access checks before going to the global object.
|
// Do access checks before going to the global object.
|
||||||
if (object->IsAccessCheckNeeded() &&
|
if (object->IsAccessCheckNeeded() &&
|
||||||
!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(),
|
!isolate->MayNamedAccessWrapper(object,
|
||||||
v8::ACCESS_KEYS)) {
|
isolate->factory()->undefined_value(),
|
||||||
isolate->ReportFailedAccessCheck(*object, v8::ACCESS_KEYS);
|
v8::ACCESS_KEYS)) {
|
||||||
|
isolate->ReportFailedAccessCheckWrapper(object, v8::ACCESS_KEYS);
|
||||||
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
RETURN_IF_SCHEDULED_EXCEPTION(isolate);
|
||||||
return *isolate->factory()->NewJSArray(0);
|
return *isolate->factory()->NewJSArray(0);
|
||||||
}
|
}
|
||||||
@ -14718,8 +14720,9 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) {
|
|||||||
Handle<Object> key = args.at<Object>(2);
|
Handle<Object> key = args.at<Object>(2);
|
||||||
SaveContext save(isolate);
|
SaveContext save(isolate);
|
||||||
isolate->set_context(observer->context());
|
isolate->set_context(observer->context());
|
||||||
if (!isolate->MayNamedAccess(*object, isolate->heap()->undefined_value(),
|
if (!isolate->MayNamedAccessWrapper(object,
|
||||||
v8::ACCESS_KEYS)) {
|
isolate->factory()->undefined_value(),
|
||||||
|
v8::ACCESS_KEYS)) {
|
||||||
return isolate->heap()->false_value();
|
return isolate->heap()->false_value();
|
||||||
}
|
}
|
||||||
bool access_allowed = false;
|
bool access_allowed = false;
|
||||||
@ -14727,11 +14730,12 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_IsAccessAllowedForObserver) {
|
|||||||
if (key->ToArrayIndex(&index) ||
|
if (key->ToArrayIndex(&index) ||
|
||||||
(key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
|
(key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
|
||||||
access_allowed =
|
access_allowed =
|
||||||
isolate->MayIndexedAccess(*object, index, v8::ACCESS_GET) &&
|
isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_GET) &&
|
||||||
isolate->MayIndexedAccess(*object, index, v8::ACCESS_HAS);
|
isolate->MayIndexedAccessWrapper(object, index, v8::ACCESS_HAS);
|
||||||
} else {
|
} else {
|
||||||
access_allowed = isolate->MayNamedAccess(*object, *key, v8::ACCESS_GET) &&
|
access_allowed =
|
||||||
isolate->MayNamedAccess(*object, *key, v8::ACCESS_HAS);
|
isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_GET) &&
|
||||||
|
isolate->MayNamedAccessWrapper(object, key, v8::ACCESS_HAS);
|
||||||
}
|
}
|
||||||
return isolate->heap()->ToBoolean(access_allowed);
|
return isolate->heap()->ToBoolean(access_allowed);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user