OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 531 matching lines...)
542 | 542 |
543 DOMWindow* targetWindow = V8DOMWindow::toNative(window); | 543 DOMWindow* targetWindow = V8DOMWindow::toNative(window); |
544 | 544 |
545 ASSERT(targetWindow); | 545 ASSERT(targetWindow); |
546 | 546 |
547 Frame* target = targetWindow->frame(); | 547 Frame* target = targetWindow->frame(); |
548 if (!target) | 548 if (!target) |
549 return false; | 549 return false; |
550 | 550 |
551 if (key->IsString()) { | 551 if (key->IsString()) { |
| 552 DEFINE_STATIC_LOCAL(AtomicString, nameOfProtoProperty, ("__proto__")); |
| 553 |
552 String name = toWebCoreString(key); | 554 String name = toWebCoreString(key); |
553 // Notice that we can't call HasRealNamedProperty for ACCESS_HAS | 555 // Notice that we can't call HasRealNamedProperty for ACCESS_HAS |
554 // because that would generate infinite recursion. | 556 // because that would generate infinite recursion. |
555 if (type == v8::ACCESS_HAS && target->tree()->child(name)) | 557 if (type == v8::ACCESS_HAS && target->tree()->child(name)) |
556 return true; | 558 return true; |
557 if (type == v8::ACCESS_GET && target->tree()->child(name) && !host->HasR
ealNamedProperty(key->ToString())) | 559 // We need to explicitly compare against nameOfProtoProperty because |
| 560 // V8's JSObject::LocalLookup finds __proto__ before |
| 561 // interceptors and even when __proto__ isn't a "real named property". |
| 562 if (type == v8::ACCESS_GET && target->tree()->child(name) && !host->HasR
ealNamedProperty(key->ToString()) && name != nameOfProtoProperty) |
558 return true; | 563 return true; |
559 } | 564 } |
560 | 565 |
561 return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, fal
se); | 566 return V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, fal
se); |
562 } | 567 } |
563 | 568 |
564 bool V8DOMWindow::indexedSecurityCheck(v8::Local<v8::Object> host, uint32_t inde
x, v8::AccessType type, v8::Local<v8::Value>) | 569 bool V8DOMWindow::indexedSecurityCheck(v8::Local<v8::Object> host, uint32_t inde
x, v8::AccessType type, v8::Local<v8::Value>) |
565 { | 570 { |
566 v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::
GetTemplate(), host); | 571 v8::Handle<v8::Object> window = V8DOMWrapper::lookupDOMWrapper(V8DOMWindow::
GetTemplate(), host); |
567 if (window.IsEmpty()) | 572 if (window.IsEmpty()) |
(...skipping 44 matching lines...)
612 v8::Handle<v8::Context> context = V8Proxy::context(frame); | 617 v8::Handle<v8::Context> context = V8Proxy::context(frame); |
613 if (context.IsEmpty()) | 618 if (context.IsEmpty()) |
614 return v8::Handle<v8::Object>(); | 619 return v8::Handle<v8::Object>(); |
615 | 620 |
616 v8::Handle<v8::Object> global = context->Global(); | 621 v8::Handle<v8::Object> global = context->Global(); |
617 ASSERT(!global.IsEmpty()); | 622 ASSERT(!global.IsEmpty()); |
618 return global; | 623 return global; |
619 } | 624 } |
620 | 625 |
621 } // namespace WebCore | 626 } // namespace WebCore |
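Review bot: The `__proto__` exclusion is applied only to the ACCESS_GET condition (new line 562); the ACCESS_HAS branch at new line 557 still returns true for a child frame with that name, and both branches return before `V8BindingSecurity::canAccessFrame` is consulted. If HAS is meant to stay permissive, the comment should say so; otherwise compute the test once, e.g. `bool isNamedChild = name != nameOfProtoProperty && target->tree()->child(name);`, and use `isNamedChild` in both conditions, which also avoids the second `child(name)` lookup. The comment at new lines 559-561 explains the V8 lookup order but not what is at stake, so I would add `// Returning true here bypasses canAccessFrame(), so names V8 resolves ahead of the interceptor (such as __proto__) must not match.` The enclosing function begins in the skipped lines above, so how `host` and `key` reach this point is not visible here.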
OLD | NEW |