Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(541)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/runtime.cc

Issue 260253002: Proposed fix for Object.observe access checks (Closed) Base URL: https://chromium.googlesource.com/external/v8.git@master
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 the V8 project authors. All rights reserved. 1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Redistribution and use in source and binary forms, with or without 2 // Redistribution and use in source and binary forms, with or without
3 // modification, are permitted provided that the following conditions are 3 // modification, are permitted provided that the following conditions are
4 // met: 4 // met:
5 // 5 //
6 // * Redistributions of source code must retain the above copyright 6 // * Redistributions of source code must retain the above copyright
7 // notice, this list of conditions and the following disclaimer. 7 // notice, this list of conditions and the following disclaimer.
8 // * Redistributions in binary form must reproduce the above 8 // * Redistributions in binary form must reproduce the above
9 // copyright notice, this list of conditions and the following 9 // copyright notice, this list of conditions and the following
10 // disclaimer in the documentation and/or other materials provided 10 // disclaimer in the documentation and/or other materials provided
(...skipping 14895 matching lines...) Expand 10 before | Expand all | Expand 10 after
14906 return *WeakCollectionInitialize(isolate, weakmap); 14906 return *WeakCollectionInitialize(isolate, weakmap);
14907 } 14907 }
14908 14908
14909 14909
14910 RUNTIME_FUNCTION(Runtime_IsAccessAllowedForObserver) { 14910 RUNTIME_FUNCTION(Runtime_IsAccessAllowedForObserver) {
14911 HandleScope scope(isolate); 14911 HandleScope scope(isolate);
14912 ASSERT(args.length() == 3); 14912 ASSERT(args.length() == 3);
14913 CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0); 14913 CONVERT_ARG_HANDLE_CHECKED(JSFunction, observer, 0);
14914 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1); 14914 CONVERT_ARG_HANDLE_CHECKED(JSObject, object, 1);
14915 RUNTIME_ASSERT(object->map()->is_access_check_needed()); 14915 RUNTIME_ASSERT(object->map()->is_access_check_needed());
14916 // FIXME: Remove key arg
14916 CONVERT_ARG_HANDLE_CHECKED(Object, key, 2); 14917 CONVERT_ARG_HANDLE_CHECKED(Object, key, 2);
14917 SaveContext save(isolate); 14918 Handle<Context> observer_context(observer->context()->native_context(), isolat e);
14918 isolate->set_context(observer->context()); 14919 Handle<Context> object_context;
14919 if (!isolate->MayNamedAccess( 14920 Handle<Object> constructor(object->map()->constructor(), isolate);
14920 object, isolate->factory()->undefined_value(), v8::ACCESS_KEYS)) { 14921 if (!constructor->IsJSFunction()) {
14921 return isolate->heap()->false_value(); 14922 object_context = handle(JSFunction::cast(*object)->context()->native_context (), isolate);
14923 } else {
14924 object_context = handle(JSFunction::cast(*constructor)->context()->native_co ntext(), isolate);
14922 } 14925 }
14923 bool access_allowed = false; 14926 return isolate->heap()->ToBoolean(
14924 uint32_t index = 0; 14927 *object_context == *observer_context ||
14925 if (key->ToArrayIndex(&index) || 14928 object_context->security_token() == observer_context->security_token());
14926 (key->IsString() && String::cast(*key)->AsArrayIndex(&index))) {
14927 access_allowed =
14928 isolate->MayIndexedAccess(object, index, v8::ACCESS_GET) &&
14929 isolate->MayIndexedAccess(object, index, v8::ACCESS_HAS);
14930 } else {
14931 access_allowed =
14932 isolate->MayNamedAccess(object, key, v8::ACCESS_GET) &&
14933 isolate->MayNamedAccess(object, key, v8::ACCESS_HAS);
14934 }
14935 return isolate->heap()->ToBoolean(access_allowed);
14936 } 14929 }
14937 14930
14938 14931
14939 static Object* ArrayConstructorCommon(Isolate* isolate, 14932 static Object* ArrayConstructorCommon(Isolate* isolate,
14940 Handle<JSFunction> constructor, 14933 Handle<JSFunction> constructor,
14941 Handle<AllocationSite> site, 14934 Handle<AllocationSite> site,
14942 Arguments* caller_args) { 14935 Arguments* caller_args) {
14943 Factory* factory = isolate->factory(); 14936 Factory* factory = isolate->factory();
14944 14937
14945 bool holey = false; 14938 bool holey = false;
(...skipping 198 matching lines...) Expand 10 before | Expand all | Expand 10 after
15144 } 15137 }
15145 return NULL; 15138 return NULL;
15146 } 15139 }
15147 15140
15148 15141
15149 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) { 15142 const Runtime::Function* Runtime::FunctionForId(Runtime::FunctionId id) {
15150 return &(kIntrinsicFunctions[static_cast<int>(id)]); 15143 return &(kIntrinsicFunctions[static_cast<int>(id)]);
15151 } 15144 }
15152 15145
15153 } } // namespace v8::internal 15146 } } // namespace v8::internal
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698