ES6 symbols: prevent reflection and proxy APIs from leaking symbols

src/v8natives.js

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 238 matching lines @@
 
 // ECMA-262 - 15.2.4.4
 function ObjectValueOf() {
   return ToObject(this);
 }
 
 
 // ECMA-262 - 15.2.4.5
 function ObjectHasOwnProperty(V) {
   if (%IsJSProxy(this)) {
+    // TODO(rossberg): adjust once there is a story for symbols vs proxies.
+    if (IS_SYMBOL(V)) return false;
+
     var handler = %GetHandler(this);
     return CallTrap1(handler, "hasOwn", DerivedHasOwnTrap, ToName(V));
   }
   return %HasLocalProperty(TO_OBJECT_INLINE(this), ToName(V));
 }
 
 
 // ECMA-262 - 15.2.4.6
 function ObjectIsPrototypeOf(V) {
   if (IS_NULL_OR_UNDEFINED(this) && !IS_UNDETECTABLE(this)) {
     throw MakeTypeError("called_on_null_or_undefined",
                         ["Object.prototype.isPrototypeOf"]);
   }
   if (!IS_SPEC_OBJECT(V)) return false;
   return %IsInPrototypeChain(this, V);
 }
 
 
 // ECMA-262 - 15.2.4.6
 function ObjectPropertyIsEnumerable(V) {
   var P = ToName(V);
   if (%IsJSProxy(this)) {
+    // TODO(rossberg): adjust once there is a story for symbols vs proxies.
+    if (IS_SYMBOL(V)) return false;
+
     var desc = GetOwnProperty(this, P);
     return IS_UNDEFINED(desc) ? false : desc.isEnumerable();
   }
   return %IsPropertyEnumerable(ToObject(this), P);
 }
 
 
 // Extensions for providing property getters and setters.
 function ObjectDefineGetter(name, fun) {
   var receiver = this;
@@ skipping 347 matching lines @@
 
 function CallTrap2(handler, name, defaultTrap, x, y) {
   return %_CallFunction(handler, x, y, GetTrap(handler, name, defaultTrap));
 }
 
 
 // ES5 section 8.12.1.
 function GetOwnProperty(obj, v) {
   var p = ToName(v);
   if (%IsJSProxy(obj)) {
+    // TODO(rossberg): adjust once there is a story for symbols vs proxies.
+    if (IS_SYMBOL(v)) return void 0;
+
     var handler = %GetHandler(obj);
     var descriptor = CallTrap1(handler, "getOwnPropertyDescriptor", void 0, p);
     if (IS_UNDEFINED(descriptor)) return descriptor;
     var desc = ToCompletePropertyDescriptor(descriptor);
     if (!desc.isConfigurable()) {
       throw MakeTypeError("proxy_prop_not_configurable",
                           [handler, "getOwnPropertyDescriptor", p, descriptor]);
     }
     return desc;
   }
@@ skipping 20 matching lines @@
   } else if (should_throw) {
     throw MakeTypeError("define_disallowed", [p]);
   } else {
     return;
   }
 }
 
 
 // Harmony proxies.
 function DefineProxyProperty(obj, p, attributes, should_throw) {
+  // TODO(rossberg): adjust once there is a story for symbols vs proxies.
+  if (IS_SYMBOL(p)) return false;
+
   var handler = %GetHandler(obj);
   var result = CallTrap2(handler, "defineProperty", void 0, p, attributes);
   if (!ToBoolean(result)) {
     if (should_throw) {
       throw MakeTypeError("handler_returned_false",
                           [handler, "defineProperty"]);
     } else {
       return false;
     }
   }
@@ skipping 245 matching lines @@
   }
 
   // Step 5 - Fallback to default implementation.
   return DefineObjectProperty(obj, p, desc, should_throw);
 }
 
 
 // ES5 section 8.12.9, ES5 section 15.4.5.1 and Harmony proxies.
 function DefineOwnProperty(obj, p, desc, should_throw) {
   if (%IsJSProxy(obj)) {
+    // TODO(rossberg): adjust once there is a story for symbols vs proxies.
+    if (IS_SYMBOL(p)) return false;
+
     var attributes = FromGenericPropertyDescriptor(desc);
     return DefineProxyProperty(obj, p, attributes, should_throw);
   } else if (IS_ARRAY(obj)) {
     return DefineArrayProperty(obj, p, desc, should_throw);
   } else {
     return DefineObjectProperty(obj, p, desc, should_throw);
   }
 }
 
 
@@ skipping 17 matching lines @@
 }
 
 
 // For Harmony proxies
 function ToNameArray(obj, trap, includeSymbols) {
   if (!IS_SPEC_OBJECT(obj)) {
     throw MakeTypeError("proxy_non_object_prop_names", [obj, trap]);
   }
   var n = ToUint32(obj.length);
   var array = new $Array(n);
+  var realLength = 0;
   var names = { __proto__: null };  // TODO(rossberg): use sets once ready.
   for (var index = 0; index < n; index++) {
     var s = ToName(obj[index]);
+    // TODO(rossberg): adjust once there is a story for symbols vs proxies.
     if (IS_SYMBOL(s) && !includeSymbols) continue;
     if (%HasLocalProperty(names, s)) {
       throw MakeTypeError("proxy_repeated_prop_name", [obj, trap, s]);
     }
     array[index] = s;
+    ++realLength;
     names[s] = 0;
   }
+  array.length = realLength;
   return array;
 }
 
 
 // ES5 section 15.2.3.4.
 function ObjectGetOwnPropertyNames(obj) {
   if (!IS_SPEC_OBJECT(obj)) {
     throw MakeTypeError("called_on_non_object", ["Object.getOwnPropertyNames"]);
   }
   // Special handling for proxies.
   if (%IsJSProxy(obj)) {
     var handler = %GetHandler(obj);
     var names = CallTrap0(handler, "getOwnPropertyNames", void 0);
-    return ToNameArray(names, "getOwnPropertyNames", true);
+    return ToNameArray(names, "getOwnPropertyNames", false);
   }
 
   var nameArrays = new InternalArray();
 
   // Find all the indexed properties.
 
   // Get the local element names.
   var localElementNames = %GetLocalElementNames(obj);
   for (var i = 0; i < localElementNames.length; ++i) {
     localElementNames[i] = %_NumberToString(localElementNames[i]);
   }
   nameArrays.push(localElementNames);
 
   // Get names for indexed interceptor properties.
   var interceptorInfo = %GetInterceptorInfo(obj);
   if ((interceptorInfo & 1) != 0) {
     var indexedInterceptorNames = %GetIndexedInterceptorElementNames(obj);
     if (!IS_UNDEFINED(indexedInterceptorNames)) {
       nameArrays.push(indexedInterceptorNames);
     }
   }
 
   // Find all the named properties.
 
   // Get the local property names.
-  nameArrays.push(%GetLocalPropertyNames(obj));
+  nameArrays.push(%GetLocalPropertyNames(obj, false));
 
   // Get names for named interceptor properties if any.
   if ((interceptorInfo & 2) != 0) {
     var namedInterceptorNames = %GetNamedInterceptorPropertyNames(obj);
     if (!IS_UNDEFINED(namedInterceptorNames)) {
       nameArrays.push(namedInterceptorNames);
     }
   }
 
   var propertyNames =
       %Apply(InternalArray.prototype.concat,
              nameArrays[0], nameArrays, 1, nameArrays.length - 1);
 
   // Property names are expected to be unique strings,
   // but interceptors can interfere with that assumption.
   if (interceptorInfo != 0) {
     var propertySet = { __proto__: null };
     var j = 0;
     for (var i = 0; i < propertyNames.length; ++i) {
-      var name = ToName(propertyNames[i]);
+      if (IS_SYMBOL(propertyNames[i])) continue;
+      var name = ToString(propertyNames[i]);
       // We need to check for the exact property value since for intrinsic
       // properties like toString if(propertySet["toString"]) will always
       // succeed.
       if (propertySet[name] === true) {
         continue;
       }
       propertySet[name] = true;
       propertyNames[j++] = name;
     }
     propertyNames.length = j;
@@ skipping 661 matching lines @@
 
 function SetUpFunction() {
   %CheckIsBootstrapping();
   InstallFunctions($Function.prototype, DONT_ENUM, $Array(
     "bind", FunctionBind,
     "toString", FunctionToString
   ));
 }
 
 SetUpFunction();