v8binding: Don't allow author script to define indexed accessor prop.

third_party/WebKit/Source/core/frame/DOMWindow.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/DOMWindow.h"
 
 #include <memory>
 
 #include "bindings/core/v8/WindowProxyManager.h"
 #include "core/dom/Document.h"
@@ skipping 100 matching lines @@
 }
 
 DOMWindow* DOMWindow::AnonymousIndexedGetter(uint32_t index) const {
   if (!GetFrame())
     return nullptr;
 
   Frame* child = GetFrame()->Tree().ScopedChild(index);
   return child ? child->DomWindow() : nullptr;
 }
 
-bool DOMWindow::AnonymousIndexedSetter(uint32_t index,
-                                       const ScriptValue& value) {
-  // https://html.spec.whatwg.org/C/browsers.html#windowproxy-defineownproperty
-  //   step 2 - 1. If P is an array index property name, return false.
-  //
-  // As an alternative way to implement WindowProxy.[[DefineOwnProperty]] for
-  // array index property names, we always intercept and ignore the set
-  // operation for indexed properties, i.e. [[DefineOwnProperty]] for array
-  // index property names has always no effect.
-  return true;  // Intercept unconditionally but do nothing.
-}
-
 bool DOMWindow::IsCurrentlyDisplayedInFrame() const {
   if (GetFrame())
     SECURITY_CHECK(GetFrame()->DomWindow() == this);
   return GetFrame() && GetFrame()->GetPage();
 }
 
 bool DOMWindow::IsInsecureScriptAccess(LocalDOMWindow& calling_window,
                                        const KURL& url) {
   if (!url.ProtocolIsJavaScript())
     return false;
@@ skipping 315 matching lines @@
   visitor->Trace(location_);
   EventTargetWithInlineData::Trace(visitor);
 }
 
 DEFINE_TRACE_WRAPPERS(DOMWindow) {
   visitor->TraceWrappers(location_);
   EventTargetWithInlineData::TraceWrappers(visitor);
 }
 
 }  // namespace blink