Chromium Code Reviews Chromium Code Reviews
Issue 2713413002:
Blink bindings: use v8 to enforce method call access checks (Closed)
| Index: third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp |
| diff --git a/third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp b/third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp |
| index 95225f5bf85372e9f5545a68e0975be3bb29d245..423c15e3ddbe2d4c4b980047b74d85b545dd5ceb 100644 |
| --- a/third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp |
| +++ b/third_party/WebKit/Source/bindings/core/v8/V8DOMConfiguration.cpp |
| @@ -348,6 +348,8 @@ void installMethodInternal(v8::Isolate* isolate, |
| v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(), |
| signature, method.length); |
| functionTemplate->RemovePrototype(); |
| + if (method.accessCheckConfiguration == V8DOMConfiguration::CheckAccess) |
| + functionTemplate->SetAcceptAnyReceiver(false); |
| if (method.propertyLocationConfiguration & V8DOMConfiguration::OnInstance) |
| instanceTemplate->Set( |
| name, functionTemplate, |
| @@ -365,6 +367,7 @@ void installMethodInternal(v8::Isolate* isolate, |
| v8::FunctionTemplate::New(isolate, callback, v8::Local<v8::Value>(), |
| v8::Local<v8::Signature>(), method.length); |
| functionTemplate->RemovePrototype(); |
| + // TODO(dcheng): Does this need an access check? |
|
dcheng
2017/02/27 05:34:19
I don't think it does, since I think this implies
haraken
2017/02/27 05:49:25
Agreed. We won't need the access check. I'm okay w
dcheng
2017/02/27 07:52:26
Hmm... it's not possible to do an access check in
Yuki
2017/03/01 08:40:11
Just FYI, the spec doesn't require any access chec
|
| interfaceTemplate->Set( |
| name, functionTemplate, |
| static_cast<v8::PropertyAttribute>(method.attribute)); |
