| Index: test/cctest/test-api.cc
|
| diff --git a/test/cctest/test-api.cc b/test/cctest/test-api.cc
|
| index a201851181a780deb897b69a7d238c1bef31479f..afc973b0b41abb11d49665b9954d45911d41a5d5 100644
|
| --- a/test/cctest/test-api.cc
|
| +++ b/test/cctest/test-api.cc
|
| @@ -5323,7 +5323,8 @@ static bool IndexedAccessBlocker(Local<v8::Object> global,
|
| uint32_t key,
|
| v8::AccessType type,
|
| Local<Value> data) {
|
| - return Context::GetCurrent()->Global()->Equals(global);
|
| + return Context::GetCurrent()->Global()->Equals(global) ||
|
| + allowed_access_type[type];
|
| }
|
|
|
|
|
| @@ -5390,6 +5391,18 @@ TEST(AccessControl) {
|
| Local<Value> getter = global0->Get(v8_str("getter"));
|
| Local<Value> setter = global0->Get(v8_str("setter"));
|
|
|
| + // And define normal element.
|
| + global0->Set(239, v8_str("239"));
|
| +
|
| + // Define an element with JS getter and setter.
|
| + CompileRun(
|
| + "function el_getter() { return 'el_getter'; };\n"
|
| + "function el_setter() { return 'el_setter'; };\n"
|
| + "Object.defineProperty(this, '42', {get: el_getter, set: el_setter});");
|
| +
|
| + Local<Value> el_getter = global0->Get(v8_str("el_getter"));
|
| + Local<Value> el_setter = global0->Get(v8_str("el_setter"));
|
| +
|
| v8::HandleScope scope1;
|
|
|
| v8::Persistent<Context> context1 = Context::New();
|
| @@ -5398,7 +5411,7 @@ TEST(AccessControl) {
|
| v8::Handle<v8::Object> global1 = context1->Global();
|
| global1->Set(v8_str("other"), global0);
|
|
|
| - // Access blocked property
|
| + // Access blocked property.
|
| CompileRun("other.blocked_prop = 1");
|
|
|
| ExpectUndefined("other.blocked_prop");
|
| @@ -5416,6 +5429,23 @@ TEST(AccessControl) {
|
| ExpectTrue("propertyIsEnumerable.call(other, 'blocked_prop')");
|
| allowed_access_type[v8::ACCESS_HAS] = false;
|
|
|
| + // Access blocked element.
|
| + CompileRun("other[239] = 1");
|
| +
|
| + ExpectUndefined("other[239]");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '239')");
|
| + ExpectFalse("propertyIsEnumerable.call(other, '239')");
|
| +
|
| + // Enable ACCESS_HAS
|
| + allowed_access_type[v8::ACCESS_HAS] = true;
|
| + ExpectUndefined("other[239]");
|
| + // ... and now we can get the descriptor...
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '239').value");
|
| + // ... and enumerate the property.
|
| + ExpectTrue("propertyIsEnumerable.call(other, '239')");
|
| + allowed_access_type[v8::ACCESS_HAS] = false;
|
| +
|
| + // Access a property with JS accessor.
|
| CompileRun("other.js_accessor_p = 2");
|
|
|
| ExpectUndefined("other.js_accessor_p");
|
| @@ -5480,6 +5510,58 @@ TEST(AccessControl) {
|
| allowed_access_type[v8::ACCESS_GET] = false;
|
| allowed_access_type[v8::ACCESS_HAS] = false;
|
|
|
| + // Access an element with JS accessor.
|
| + CompileRun("other[42] = 2");
|
| +
|
| + ExpectUndefined("other[42]");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42')");
|
| +
|
| + // Enable ACCESS_HAS.
|
| + allowed_access_type[v8::ACCESS_HAS] = true;
|
| + ExpectUndefined("other[42]");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').get");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').set");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').value");
|
| + allowed_access_type[v8::ACCESS_HAS] = false;
|
| +
|
| + // Enable both ACCESS_HAS and ACCESS_GET.
|
| + allowed_access_type[v8::ACCESS_HAS] = true;
|
| + allowed_access_type[v8::ACCESS_GET] = true;
|
| +
|
| + ExpectString("other[42]", "el_getter");
|
| + ExpectObject("Object.getOwnPropertyDescriptor(other, '42').get", el_getter);
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').set");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').value");
|
| +
|
| + allowed_access_type[v8::ACCESS_GET] = false;
|
| + allowed_access_type[v8::ACCESS_HAS] = false;
|
| +
|
| + // Enable both ACCESS_HAS and ACCESS_SET.
|
| + allowed_access_type[v8::ACCESS_HAS] = true;
|
| + allowed_access_type[v8::ACCESS_SET] = true;
|
| +
|
| + ExpectUndefined("other[42]");
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').get");
|
| + ExpectObject("Object.getOwnPropertyDescriptor(other, '42').set", el_setter);
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').value");
|
| +
|
| + allowed_access_type[v8::ACCESS_SET] = false;
|
| + allowed_access_type[v8::ACCESS_HAS] = false;
|
| +
|
| + // Enable both ACCESS_HAS, ACCESS_GET and ACCESS_SET.
|
| + allowed_access_type[v8::ACCESS_HAS] = true;
|
| + allowed_access_type[v8::ACCESS_GET] = true;
|
| + allowed_access_type[v8::ACCESS_SET] = true;
|
| +
|
| + ExpectString("other[42]", "el_getter");
|
| + ExpectObject("Object.getOwnPropertyDescriptor(other, '42').get", el_getter);
|
| + ExpectObject("Object.getOwnPropertyDescriptor(other, '42').set", el_setter);
|
| + ExpectUndefined("Object.getOwnPropertyDescriptor(other, '42').value");
|
| +
|
| + allowed_access_type[v8::ACCESS_SET] = false;
|
| + allowed_access_type[v8::ACCESS_GET] = false;
|
| + allowed_access_type[v8::ACCESS_HAS] = false;
|
| +
|
| v8::Handle<Value> value;
|
|
|
| // Access accessible property
|
|
|
Chromium Code Reviews
Issue 6246055:
Do proper security checks when accessing elements with getOwnPropertyDescriptor. (Closed)
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge