01b8e7c7f6
Allowing global references to be read through a proxy results in cross-origin information leaks. The ES6 spec currently does not mitigate this in any way. This CL adds a workaround that's easy for V8: throw whenever an unresolved reference would result in a proxy trap to be fired. I'm landing this so we can move forwards with staging proxies without putting users of --harmony at risk. BUG=chromium:399951 LOG=n Review URL: https://codereview.chromium.org/1529303003 Cr-Commit-Position: refs/heads/master@{#32949}
15 lines
457 B
JavaScript
15 lines
457 B
JavaScript
// Copyright 2015 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Flags: --harmony-proxies
|
|
|
|
var failing_proxy = new Proxy({}, new Proxy({}, {
|
|
get() { throw "No trap should fire" }}));
|
|
|
|
Object.setPrototypeOf(Object.prototype, failing_proxy);
|
|
assertThrows(()=>a, TypeError);
|
|
|
|
Object.setPrototypeOf(this, failing_proxy);
|
|
assertThrows(()=>a, TypeError);
|