Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1561)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: test/cctest/test-api.cc

Issue 8834: Introduce access control in propertyIsEnumerable.... (Closed) Base URL: http://v8.googlecode.com/svn/branches/bleeding_edge/
Patch Set: Created 12 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« src/objects.cc ('K') | « src/runtime.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: test/cctest/test-api.cc
===================================================================
--- test/cctest/test-api.cc (revision 620)
+++ test/cctest/test-api.cc (working copy)
@@ -3186,6 +3186,41 @@
}
+THREADED_TEST(CrossDomainIsPropertyEnumerable) {
+ v8::HandleScope handle_scope;
+ LocalContext env1;
+ v8::Persistent<Context> env2 = Context::New();
+
+ Local<Value> foo = v8_str("foo");
+ Local<Value> bar = v8_str("bar");
+
+ // Set to the same domain.
+ env1->SetSecurityToken(foo);
+ env2->SetSecurityToken(foo);
+
+ env1->Global()->Set(v8_str("prop"), v8_num(3));
+ env2->Global()->Set(v8_str("env1"), env1->Global());
+
+ // env1.prop is enumerable in env2.
+ Local<String> test = v8_str("propertyIsEnumerable.call(env1, 'prop')");
+ {
+ Context::Scope scope_env2(env2);
+ Local<Value> result = Script::Compile(test)->Run();
+ CHECK(result->IsTrue());
+ }
+
+ // Change env2 to a different domain and test again.
+ env2->SetSecurityToken(bar);
+ {
+ Context::Scope scope_env2(env2);
+ Local<Value> result = Script::Compile(test)->Run();
+ CHECK(result->IsFalse());
+ }
+
+ env2.Dispose();
+}
+
+
THREADED_TEST(CrossDomainForIn) {
v8::HandleScope handle_scope;
LocalContext env1;
@@ -3342,7 +3377,7 @@
v8::AccessControl(v8::ALL_CAN_READ | v8::ALL_CAN_WRITE));
// Add an accessor that is not accessible by cross-domain JS code.
- global_template->SetAccessor(v8_str("blocked_access_prop"),
+ global_template->SetAccessor(v8_str("blocked_prop"),
UnreachableGetter, UnreachableSetter,
v8::Handle<Value>(),
v8::DEFAULT);
@@ -3368,6 +3403,10 @@
value = v8_compile("other.blocked_prop")->Run();
CHECK(value->IsUndefined());
+ value = v8_compile("propertyIsEnumerable.call(other, 'blocked_prop')")->Run();
+ CHECK(value->IsBoolean());
+ CHECK_EQ(false, value->BooleanValue());
+
// Access accessible property
value = v8_compile("other.accessible_prop = 3")->Run();
CHECK(value->IsNumber());
@@ -3377,6 +3416,18 @@
CHECK(value->IsNumber());
CHECK_EQ(3, value->Int32Value());
+ value =
+ v8_compile("propertyIsEnumerable.call(other, 'accessible_prop')")->Run();
+ CHECK(value->IsBoolean());
+ CHECK_EQ(true, value->BooleanValue());
+
+ Local<Value> result =
+ CompileRun("(function(){var obj = {'__proto__':other};"
+ "for (var p in obj)"
+ " if (p == 'blocked_prop') return false;"
Mads Ager (chromium) 2008/10/28 20:02:38 We should also check that accessible_prop is actua
+ "return true;})()");
+ CHECK(result->IsTrue());
+
context1->Exit();
context0->Exit();
context1.Dispose();
« src/objects.cc ('K') | « src/runtime.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698