src/object-observe.js - Issue 22962009: Add access check for observed objects

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/object-observe.js

Issue 22962009: Add access check for observed objects (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Merged to trunk Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/object-observe.js

diff --git a/src/object-observe.js b/src/object-observe.js

index a9c29cf3bef093bae0694d55de4c8cda4d9edf24..1035792e8b6cc2493189f617c3014f29b7dab588 100644

--- a/src/object-observe.js

+++ b/src/object-observe.js

@@ -367,13 +367,22 @@ function ArrayUnobserve(object, callback) {

return ObjectUnobserve(object, callback);

}

-function ObserverEnqueueIfActive(observer, objectInfo, changeRecord) {

+function ObserverEnqueueIfActive(observer, objectInfo, changeRecord,

+ needsAccessCheck) {

if (!ObserverIsActive(observer, objectInfo) ||

!TypeMapHasType(ObserverGetAcceptTypes(observer), changeRecord.type)) {

return;

}

var callback = ObserverGetCallback(observer);

+ if (needsAccessCheck &&

+ // Drop all splice records on the floor for access-checked objects

+ (changeRecord.type == 'splice' ||

+ !%IsAccessAllowedForObserver(

+ callback, changeRecord.object, changeRecord.name))) {

+ return;

+ }

var callbackInfo = CallbackInfoNormalize(callback);

if (!observationState.pendingObservers)

observationState.pendingObservers = { __proto__: null };

@@ -382,19 +391,25 @@ function ObserverEnqueueIfActive(observer, objectInfo, changeRecord) {

%SetObserverDeliveryPending();

}

-function ObjectInfoEnqueueChangeRecord(objectInfo, changeRecord) {

+function ObjectInfoEnqueueChangeRecord(objectInfo, changeRecord,

+ skipAccessCheck) {

// TODO(rossberg): adjust once there is a story for symbols vs proxies.

if (IS_SYMBOL(changeRecord.name)) return;

+ var needsAccessCheck = !skipAccessCheck &&

+ %IsAccessCheckNeeded(changeRecord.object);

if (ChangeObserversIsOptimized(objectInfo.changeObservers)) {

var observer = objectInfo.changeObservers;

- ObserverEnqueueIfActive(observer, objectInfo, changeRecord);

+ ObserverEnqueueIfActive(observer, objectInfo, changeRecord,

+ needsAccessCheck);

return;

}

for (var priority in objectInfo.changeObservers) {

var observer = objectInfo.changeObservers[priority];

- ObserverEnqueueIfActive(observer, objectInfo, changeRecord);

+ ObserverEnqueueIfActive(observer, objectInfo, changeRecord,

+ needsAccessCheck);

}

@@ -463,7 +478,8 @@ function ObjectNotifierNotify(changeRecord) {

}

ObjectFreeze(newRecord);

- ObjectInfoEnqueueChangeRecord(objectInfo, newRecord);

+ ObjectInfoEnqueueChangeRecord(objectInfo, newRecord,

+ true /* skip access check */);

}

function ObjectNotifierPerformChange(changeType, changeFn) {

« no previous file with comments | « no previous file | src/runtime.h » ('j') | no next file with comments »