AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
6242b3893d
v8/test/mjsunit/harmony/proxies-cross-realm-exception.js
cbruni 2c75e3d2ab [proxies] fix access issue when having proxies on the prototype-chain of global objects. 
We can no longer just walk the prototype chain without doing proper access-checks. When installing a proxy as the __proto__ of the global object we might accidentally end up invoking cross-realm code without access-checks (see proxies-cross-realm-ecxeption.js).

Review URL: https://codereview.chromium.org/1521953002

Cr-Commit-Position: refs/heads/master@{#32903}
2015-12-16 14:31:39 +00:00

54 lines
1.7 KiB
JavaScript
Raw Blame History

// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --harmony-proxies --harmony-reflect --allow-natives-syntax
// Do not read out the prototype from a cross-realm object.
var realm = Realm.create();
__proto__ = {};
assertEquals(null,
Realm.eval(realm, "3; Reflect.getPrototypeOf(Realm.global(0))"));
assertFalse(Realm.eval(realm, "3; Realm.global(0) instanceof Object"));
__proto__ = new Proxy({}, { getPrototypeOf() { assertUnreachable() } });
assertEquals(null,
Realm.eval(realm, "1; Reflect.getPrototypeOf(Realm.global(0))"));
assertFalse(Realm.eval(realm, "1; Realm.global(0) instanceof Object"));
// Test that the instannceof check works in optimized code.
var test = Realm.eval(realm,
"()=>{1.1; return Realm.global(0) instanceof Object; }");
assertFalse(test());
test();
test();
%OptimizeFunctionOnNextCall(test);
assertFalse(test());
__proto__ = {};
__proto__ = new Proxy({}, { get(t, p, r) { assertUnreachable() } });
assertEquals(null,
Realm.eval(realm, "2; Reflect.getPrototypeOf(Realm.global(0))"));
assertFalse(Realm.eval(realm, "2; Realm.global(0) instanceof Object"));
__proto__ = {};
__proto__.__proto__ = new Proxy({}, {
getPrototypeOf() { assertUnreachable() }
});
assertEquals(null,
Realm.eval(realm, "4; Reflect.getPrototypeOf(Realm.global(0))"));
assertFalse(Realm.eval(realm, "4; Realm.global(0) instanceof Object"));
// 2-level proxy indirection
__proto__ = {};
__proto__ = new Proxy({},
new Proxy({}, {
get() { assertUnreachable() }
})
);
assertEquals(null,
Realm.eval(realm, "5; Reflect.getPrototypeOf(Realm.global(0))"));
assertFalse(Realm.eval(realm, "5; Realm.global(0) instanceof Object"));
Reference in New Issue View Git Blame Copy Permalink