
Side by Side Diff: test/cctest/test-api.cc

Issue 2034083002: Don't compile functions in a context the caller doesn't have access to (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: updates Created 4 years, 5 months ago
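--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -1,10 +1,10 @@
 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
 // copyright notice, this list of conditions and the following
 // disclaimer in the documentation and/or other materials provided
@@ -10124,20 +10124,26 @@
 CHECK_EQ(42, g_echo_value); // Make sure we didn't call the setter.
 }
 
 static bool AccessAlwaysBlocked(Local<v8::Context> accessing_context,
 Local<v8::Object> global,
 Local<v8::Value> data) {
 i::PrintF("Access blocked.\n");
 return false;
 }
 
+static bool AccessAlwaysAllowed(Local<v8::Context> accessing_context,
+Local<v8::Object> global,
+Local<v8::Value> data) {
+i::PrintF("Access allowed.\n");
+return true;
+}
 
 THREADED_TEST(AccessControlGetOwnPropertyNames) {
 v8::Isolate* isolate = CcTest::isolate();
 v8::HandleScope handle_scope(isolate);
 v8::Local<v8::ObjectTemplate> obj_template = v8::ObjectTemplate::New(isolate);
 
 obj_template->Set(v8_str("x"), v8::Integer::New(isolate, 42));
 obj_template->SetAccessCheckCallback(AccessAlwaysBlocked);
 
 // Add an accessor accessible by cross-domain JS code.
@@ -25370,10 +25376,80 @@
 CHECK(object->SetPrototype(context.local(), v8::Null(isolate)).IsNothing());
 
 // The original prototype is still there
 Local<Value> new_proto =
 object->Get(context.local(), v8_str("__proto__")).ToLocalChecked();
 CHECK(new_proto->IsObject());
 CHECK(new_proto.As<v8::Object>()
 ->Equals(context.local(), original_proto)
 .FromJust());
 }
+
+Local<v8::Context> call_eval_context;
+Local<v8::Function> call_eval_bound_function;
+
+static void CallEval(const v8::FunctionCallbackInfo<v8::Value>& args) {
+v8::Context::Scope scope(call_eval_context);
+args.GetReturnValue().Set(
+call_eval_bound_function
+->Call(call_eval_context, call_eval_context->Global(), 0, NULL)
+.ToLocalChecked());
+}
+
+TEST(CrossActivationEval) {
+LocalContext env;
+v8::Isolate* isolate = env->GetIsolate();
+v8::HandleScope scope(isolate);
+{
+call_eval_context = v8::Context::New(isolate);
+v8::Context::Scope scope(call_eval_context);
+call_eval_bound_function =
+Local<Function>::Cast(CompileRun("eval.bind(this, '1')"));
+}
+env->Global()
+->Set(env.local(), v8_str("CallEval"),
+v8::FunctionTemplate::New(isolate, CallEval)
+->GetFunction(env.local())
+.ToLocalChecked())
+.FromJust();
+Local<Value> result = CompileRun("CallEval();");
+CHECK(result->IsInt32());
+CHECK_EQ(1, result->Int32Value(env.local()).FromJust());
+}
+
+TEST(EvalInAccessCheckedContext) {
+v8::Isolate* isolate = CcTest::isolate();
+v8::HandleScope scope(isolate);
+
+v8::Local<v8::ObjectTemplate> obj_template = v8::ObjectTemplate::New(isolate);
+
+obj_template->SetAccessCheckCallback(AccessAlwaysAllowed);
+
+v8::Local<Context> context0 = Context::New(isolate, NULL, obj_template);
+v8::Local<Context> context1 = Context::New(isolate, NULL, obj_template);
+
+Local<Value> foo = v8_str("foo");
+Local<Value> bar = v8_str("bar");
+
+// Set to different domains.
+context0->SetSecurityToken(foo);
+context1->SetSecurityToken(bar);
+
+// Set up function in context0 that uses eval from context0.
+context0->Enter();
+v8::Local<v8::Value> fun = CompileRun(
+"var x = 42;"
+"(function() {"
+" var e = eval;"
+" return function(s) { return e(s); }"
+"})()");
+context0->Exit();
+
+// Put the function into context1 and call it. Since the access check
+// callback always returns true, the call succeeds even though the tokens
+// are different.
+context1->Enter();
+context1->Global()->Set(context1, v8_str("fun"), fun).FromJust();
+v8::Local<v8::Value> x_value = CompileRun("fun('x')");
+CHECK_EQ(42, x_value->Int32Value(context1).FromJust());
+context1->Exit();
+}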
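Review bot: EvalInAccessCheckedContext pins only the allow path: it installs `AccessAlwaysAllowed` and expects 42, so as far as this file shows it would still pass if the access check this change is about were never consulted for eval. A sibling case that reuses the existing callback via `obj_template->SetAccessCheckCallback(AccessAlwaysBlocked);`, keeps the differing security tokens, and asserts that `fun('x')` does not yield 42 would cover the denial the change title describes. That case may already be in test/mjsunit/cross-realm-filtering.js, which is not visible here; if so, a one-line comment above the test pointing to it would help the next reader. Separately, `call_eval_context` and `call_eval_bound_function` are non-static file-scope `Local<>` handles that outlive the HandleScope opened in CrossActivationEval; declaring them `static` and resetting them at the end of the test (`call_eval_context = Local<v8::Context>();`) would avoid leaving stale handles behind for later tests.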