src/runtime.cc - Issue 582093002: Revert "filter cross context eval"

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: src/runtime.cc

Issue 582093002: Revert "filter cross context eval" (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge

Patch Set: Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/runtime.cc

diff --git a/src/runtime.cc b/src/runtime.cc

index 2e3a2bbc4f1c8f7a6ad3011bfda5aeb114bb7e00..93b0d69f0cda172727064480f306fe70e6adab91 100644

--- a/src/runtime.cc

+++ b/src/runtime.cc

@@ -9821,59 +9821,6 @@ bool CodeGenerationFromStringsAllowed(Isolate* isolate,

}

-// Walk up the stack expecting:

-// - Runtime_CompileString

-// - JSFunction callee (eval, Function constructor, etc)

-// - call() (maybe)

-// - apply() (maybe)

-// - bind() (maybe)

-// - JSFunction caller (maybe)

-//

-// return true if the caller has the same security token as the callee

-// or if an exit frame was hit, in which case allow it through, as it could

-// have come through the api.

-static bool TokensMatchForCompileString(Isolate* isolate) {

- MaybeHandle<JSFunction> callee;

- bool exit_handled = true;

- bool tokens_match = true;

- bool done = false;

- for (StackFrameIterator it(isolate); !it.done() && !done; it.Advance()) {

- StackFrame* raw_frame = it.frame();

- if (!raw_frame->is_java_script()) {

- if (raw_frame->is_exit()) exit_handled = false;

- continue;

- }

- JavaScriptFrame* outer_frame = JavaScriptFrame::cast(raw_frame);

- List<FrameSummary> frames(FLAG_max_inlining_levels + 1);

- outer_frame->Summarize(&frames);

- for (int i = frames.length() - 1; i >= 0 && !done; --i) {

- FrameSummary& frame = frames[i];

- Handle<JSFunction> fun = frame.function();

- // Capture the callee function.

- if (callee.is_null()) {

- callee = fun;

- exit_handled = true;

- continue;

- }

- // Exit condition.

- Handle<Context> context(callee.ToHandleChecked()->context());

- if (!fun->context()->HasSameSecurityTokenAs(*context)) {

- tokens_match = false;

- done = true;

- continue;

- }

- // Skip bound functions in correct origin.

- if (fun->shared()->bound()) {

- exit_handled = true;

- continue;

- }

- done = true;

- }

- return !exit_handled || tokens_match;

RUNTIME_FUNCTION(Runtime_CompileString) {

HandleScope scope(isolate);

DCHECK(args.length() == 2);

@@ -9883,11 +9830,6 @@ RUNTIME_FUNCTION(Runtime_CompileString) {

// Extract native context.

Handle<Context> context(isolate->native_context());

- // Filter cross security context calls.

- if (!TokensMatchForCompileString(isolate)) {

- return isolate->heap()->undefined_value();

- }

// Check if native context allows code generation from

// strings. Throw an exception if it doesn't.

if (context->allow_code_gen_from_strings()->IsFalse() &&

« no previous file with comments | « src/generator.js ('k') | src/v8natives.js » ('j') | no next file with comments »