Issue 6286020: Better security checks when accessing named properties via Object.getOwnPropertyDescriptor.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 6286020: Better security checks when accessing named properties via Object.getOwnPropertyDescriptor. (Closed)

Created:
9 years, 10 months ago by antonm

Modified:
9 years, 4 months ago

Reviewers:
Rico, Mads Ager (chromium)

CC:
v8-dev

Base URL:
https://v8.googlecode.com/svn/branches/bleeding_edge

Visibility:
Public.

Description

Better security checks when accessing named properties via Object.getOwnPropertyDescriptor. Current approach returns undefined descriptor if caller is not granted v8::HAS_ACCESS. If the caller has v8::HAS_ACCESS, for no JS accessors regular v8::GET_ACCESS check is performed and value property of the descriptor is set to undefined if caller doesn't have proper access. For JS accessors both v8::GET_ACCESS and v8::SET_ACCESS are checked and affect if getter and setter would be stored in the descriptor. Committed: http://code.google.com/p/v8/source/detail?r=6592

Patch Set 1 #

Total comments: 2

Patch Set 2 : Addressing Mads' comments #

Created: 9 years, 10 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+177 lines, -15 lines)			Patch
	M	src/runtime.cc	View	1	3 chunks	+84 lines, -3 lines	0 comments	Download
	M	test/cctest/test-api.cc	View		4 chunks	+93 lines, -12 lines	0 comments	Download

Messages

Total messages: 4 (0 generated)

Expand Messages | Collapse Messages

Mads Ager (chromium)

LGTM http://codereview.chromium.org/6286020/diff/1/src/runtime.cc File src/runtime.cc (right): http://codereview.chromium.org/6286020/diff/1/src/runtime.cc#newcode677 src/runtime.cc:677: // The only hope there is an access ...

9 years, 10 months ago (2011-02-02 10:13:36 UTC) #2

antonm

Mads, may you have a quick look at new wording? http://codereview.chromium.org/6286020/diff/1/src/runtime.cc File src/runtime.cc (right): http://codereview.chromium.org/6286020/diff/1/src/runtime.cc#newcode677 ...

9 years, 10 months ago (2011-02-02 12:16:31 UTC) #3

Yes, thanks. LGTM

Expand Messages | Collapse Messages