Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(241)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/object-observe.js

Issue 265503002: Re-enable Object.observe and add enforcement for security invariants. (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: cr comment Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/messages.js ('k') | src/objects.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/object-observe.js
diff --git a/src/object-observe.js b/src/object-observe.js
index 1d1be93b4d8ff9325ae8a3f0aeff18e260c2473c..9d6625450be6bd0314bfc312e8a946bdf71f790d 100644
--- a/src/object-observe.js
+++ b/src/object-observe.js
@@ -355,6 +355,8 @@ function CallbackInfoNormalize(callback) {
function ObjectObserve(object, callback, acceptList) {
if (!IS_SPEC_OBJECT(object))
throw MakeTypeError("observe_non_object", ["observe"]);
+ if (%IsJSGlobalProxy(object))
+ throw MakeTypeError("observe_global_proxy", ["observe"]);
if (!IS_SPEC_FUNCTION(callback))
throw MakeTypeError("observe_non_function", ["observe"]);
if (ObjectIsFrozen(callback))
@@ -370,6 +372,8 @@ function ObjectObserve(object, callback, acceptList) {
function ObjectUnobserve(object, callback) {
if (!IS_SPEC_OBJECT(object))
throw MakeTypeError("observe_non_object", ["unobserve"]);
+ if (%IsJSGlobalProxy(object))
+ throw MakeTypeError("observe_global_proxy", ["unobserve"]);
if (!IS_SPEC_FUNCTION(callback))
throw MakeTypeError("observe_non_function", ["unobserve"]);
@@ -392,19 +396,15 @@ function ArrayUnobserve(object, callback) {
return ObjectUnobserve(object, callback);
}
-function ObserverEnqueueIfActive(observer, objectInfo, changeRecord,
- needsAccessCheck) {
+function ObserverEnqueueIfActive(observer, objectInfo, changeRecord) {
if (!ObserverIsActive(observer, objectInfo) ||
!TypeMapHasType(ObserverGetAcceptTypes(observer), changeRecord.type)) {
return;
}
var callback = ObserverGetCallback(observer);
- if (needsAccessCheck &&
- // Drop all splice records on the floor for access-checked objects
- (changeRecord.type == 'splice' ||
- !%IsAccessAllowedForObserver(
- callback, changeRecord.object, changeRecord.name))) {
+ if (!%ObserverObjectAndRecordHaveSameOrigin(callback, changeRecord.object,
+ changeRecord)) {
return;
}
@@ -433,22 +433,16 @@ function ObjectInfoEnqueueExternalChangeRecord(objectInfo, changeRecord, type) {
}
ObjectFreeze(newRecord);
- ObjectInfoEnqueueInternalChangeRecord(objectInfo, newRecord,
- true /* skip access check */);
+ ObjectInfoEnqueueInternalChangeRecord(objectInfo, newRecord);
}
-function ObjectInfoEnqueueInternalChangeRecord(objectInfo, changeRecord,
- skipAccessCheck) {
+function ObjectInfoEnqueueInternalChangeRecord(objectInfo, changeRecord) {
// TODO(rossberg): adjust once there is a story for symbols vs proxies.
if (IS_SYMBOL(changeRecord.name)) return;
- var needsAccessCheck = !skipAccessCheck &&
- %IsAccessCheckNeeded(changeRecord.object);
-
if (ChangeObserversIsOptimized(objectInfo.changeObservers)) {
var observer = objectInfo.changeObservers;
- ObserverEnqueueIfActive(observer, objectInfo, changeRecord,
- needsAccessCheck);
+ ObserverEnqueueIfActive(observer, objectInfo, changeRecord);
return;
}
@@ -456,8 +450,7 @@ function ObjectInfoEnqueueInternalChangeRecord(objectInfo, changeRecord,
var observer = objectInfo.changeObservers[priority];
if (IS_NULL(observer))
continue;
- ObserverEnqueueIfActive(observer, objectInfo, changeRecord,
- needsAccessCheck);
+ ObserverEnqueueIfActive(observer, objectInfo, changeRecord);
}
}
@@ -558,9 +551,13 @@ function ObjectNotifierPerformChange(changeType, changeFn) {
function ObjectGetNotifier(object) {
if (!IS_SPEC_OBJECT(object))
throw MakeTypeError("observe_non_object", ["getNotifier"]);
+ if (%IsJSGlobalProxy(object))
+ throw MakeTypeError("observe_global_proxy", ["getNotifier"]);
if (ObjectIsFrozen(object)) return null;
+ if (!%ObjectWasCreatedInCurrentOrigin(object)) return null;
+
var objectInfo = ObjectInfoGetOrCreate(object);
return ObjectInfoGetNotifier(objectInfo);
}
@@ -622,5 +619,4 @@ function SetupObjectObserve() {
));
}
-// Disable Object.observe API for M35.
-// SetupObjectObserve();
+SetupObjectObserve();
« no previous file with comments | « src/messages.js ('k') | src/objects.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698