Introduce access control in propertyIsEnumerable....

test/cctest/test-api.cc

 // Copyright 2007-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 3168 matching lines @@
 
   // Check that env1.prop still exists.
   Local<Value> v = env1->Global()->Get(v8_str("prop"));
   CHECK(v->IsNumber());
   CHECK_EQ(3, v->Int32Value());
 
   env2.Dispose();
 }
 
 
+THREADED_TEST(CrossDomainIsPropertyEnumerable) {
+  v8::HandleScope handle_scope;
+  LocalContext env1;
+  v8::Persistent<Context> env2 = Context::New();
+
+  Local<Value> foo = v8_str("foo");
+  Local<Value> bar = v8_str("bar");
+
+  // Set to the same domain.
+  env1->SetSecurityToken(foo);
+  env2->SetSecurityToken(foo);
+
+  env1->Global()->Set(v8_str("prop"), v8_num(3));
+  env2->Global()->Set(v8_str("env1"), env1->Global());
+
+  // env1.prop is enumerable in env2.
+  Local<String> test = v8_str("propertyIsEnumerable.call(env1, 'prop')");
+  {
+    Context::Scope scope_env2(env2);
+    Local<Value> result = Script::Compile(test)->Run();
+    CHECK(result->IsTrue());
+  }
+
+  // Change env2 to a different domain and test again.
+  env2->SetSecurityToken(bar);
+  {
+    Context::Scope scope_env2(env2);
+    Local<Value> result = Script::Compile(test)->Run();
+    CHECK(result->IsFalse());
+  }
+
+  env2.Dispose();
+}
+
+
 THREADED_TEST(CrossDomainForIn) {
   v8::HandleScope handle_scope;
   LocalContext env1;
   v8::Persistent<Context> env2 = Context::New();
 
   Local<Value> foo = v8_str("foo");
   Local<Value> bar = v8_str("bar");
 
   // Set to the same domain.
   env1->SetSecurityToken(foo);
@@ skipping 136 matching lines @@
                                            IndexedAccessBlocker);
 
   // Add an accessor accessible by cross-domain JS code.
   global_template->SetAccessor(
       v8_str("accessible_prop"),
       EchoGetter, EchoSetter,
       v8::Handle<Value>(),
       v8::AccessControl(v8::ALL_CAN_READ | v8::ALL_CAN_WRITE));
 
   // Add an accessor that is not accessible by cross-domain JS code.
-  global_template->SetAccessor(v8_str("blocked_access_prop"),
+  global_template->SetAccessor(v8_str("blocked_prop"),
                                UnreachableGetter, UnreachableSetter,
                                v8::Handle<Value>(),
                                v8::DEFAULT);
 
   // Create an environment
   v8::Persistent<Context> context0 = Context::New(NULL, global_template);
   context0->Enter();
 
   v8::Handle<v8::Object> global0 = context0->Global();
 
   v8::HandleScope scope1;
 
   v8::Persistent<Context> context1 = Context::New();
   context1->Enter();
 
   v8::Handle<v8::Object> global1 = context1->Global();
   global1->Set(v8_str("other"), global0);
 
   v8::Handle<Value> value;
 
   // Access blocked property
   value = v8_compile("other.blocked_prop = 1")->Run();
   value = v8_compile("other.blocked_prop")->Run();
   CHECK(value->IsUndefined());
 
+  value = v8_compile("propertyIsEnumerable.call(other, 'blocked_prop')")->Run();
+  CHECK(value->IsBoolean());
+  CHECK_EQ(false, value->BooleanValue());
+
   // Access accessible property
   value = v8_compile("other.accessible_prop = 3")->Run();
   CHECK(value->IsNumber());
   CHECK_EQ(3, value->Int32Value());
 
   value = v8_compile("other.accessible_prop")->Run();
   CHECK(value->IsNumber());
   CHECK_EQ(3, value->Int32Value());
 
+  value =
+    v8_compile("propertyIsEnumerable.call(other, 'accessible_prop')")->Run();
+  CHECK(value->IsBoolean());
+  CHECK_EQ(true, value->BooleanValue());
+
+  Local<Value> result =
+      CompileRun("(function(){var obj = {'__proto__':other};"
+                 "for (var p in obj)"
+                 "   if (p == 'blocked_prop') return false;"

[Mads Ager (chromium), 2008/10/28 20:02:38]

We should also check that accessible_prop is actually enumerated.

Is there a reason for not just doing "for (var p in other)" instead of putting
other in the prototype chain?

Also, I think using a couple of more lines and some more whitespace would make
the code evaluated more readable.

+                 "return true;})()");
+  CHECK(result->IsTrue());
+
   context1->Exit();
   context0->Exit();
   context1.Dispose();
   context0.Dispose();
 }
 
 
 static v8::Handle<Value> ConstTenGetter(Local<String> name,
                                         const AccessorInfo& info) {
   return v8_num(10);
@@ skipping 1678 matching lines @@
   int elmc1 = 2;
   const char* elmv1[] = {"a", "b"};
   CheckProperties(elms->Get(v8::Integer::New(1)), elmc1, elmv1);
   int elmc2 = 3;
   const char* elmv2[] = {"0", "1", "2"};
   CheckProperties(elms->Get(v8::Integer::New(2)), elmc2, elmv2);
   int elmc3 = 4;
   const char* elmv3[] = {"w", "z", "x", "y"};
   CheckProperties(elms->Get(v8::Integer::New(3)), elmc3, elmv3);
 }