2016-02-04 21:36:04 +00:00
|
|
|
Tests that Object.getOwnPropertyDescriptor() works correctly for Window properties
|
|
|
|
|
|
|
|
|
|
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Window.screen
|
|
|
|
|
PASS descriptor.get is an instance of Function
|
|
|
|
|
PASS descriptor.set is an instance of Function
|
|
|
|
|
PASS descriptor.enumerable is true
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.configurable is true
|
2016-07-29 06:45:21 +00:00
|
|
|
PASS descriptor.get.call(nonWindowObject) threw exception TypeError: The Window.screen getter can only be used on instances of Window.
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS descriptor.get.call(window) === window.screen is true
|
2016-02-09 05:15:06 +00:00
|
|
|
PASS descriptor.get.call() === window.screen is true
|
2016-02-04 21:36:04 +00:00
|
|
|
|
|
|
|
|
* Window.navigator
|
|
|
|
|
PASS descriptor.get is an instance of Function
|
2016-02-19 05:17:32 +00:00
|
|
|
PASS descriptor.set is undefined.
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS descriptor.enumerable is true
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.configurable is true
|
2016-07-29 06:45:21 +00:00
|
|
|
PASS descriptor.get.call(nonWindowObject) threw exception TypeError: The Window.navigator getter can only be used on instances of Window.
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS descriptor.get.call(window) === window.navigator is true
|
2016-02-09 05:15:06 +00:00
|
|
|
PASS descriptor.get.call() === window.navigator is true
|
2016-02-04 21:36:04 +00:00
|
|
|
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
* Window.self
|
|
|
|
|
PASS descriptor.get is an instance of Function
|
|
|
|
|
PASS descriptor.set is an instance of Function
|
|
|
|
|
PASS descriptor.enumerable is true
|
|
|
|
|
PASS descriptor.configurable is true
|
2016-07-29 06:45:21 +00:00
|
|
|
PASS descriptor.get.call(nonWindowObject) threw exception TypeError: The Window.self getter can only be used on instances of Window.
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.get.call(window) === window.self is true
|
|
|
|
|
PASS descriptor.get.call() === window.self is true
|
|
|
|
|
|
2016-02-04 21:36:04 +00:00
|
|
|
* Window.frameElement
|
|
|
|
|
PASS descriptor.get is an instance of Function
|
|
|
|
|
PASS descriptor.set is undefined.
|
|
|
|
|
PASS descriptor.enumerable is true
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.configurable is true
|
2016-07-29 06:45:21 +00:00
|
|
|
PASS descriptor.get.call(nonWindowObject) threw exception TypeError: The Window.frameElement getter can only be used on instances of Window.
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS descriptor.get.call(window) === window.frameElement is true
|
2016-02-09 05:15:06 +00:00
|
|
|
PASS descriptor.get.call() === window.frameElement is true
|
2016-02-04 21:36:04 +00:00
|
|
|
|
|
|
|
|
* Window.name
|
|
|
|
|
PASS descriptor.get is an instance of Function
|
|
|
|
|
PASS descriptor.set is an instance of Function
|
|
|
|
|
PASS descriptor.enumerable is true
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.configurable is true
|
2016-07-29 06:45:21 +00:00
|
|
|
PASS descriptor.get.call(nonWindowObject) threw exception TypeError: The Window.name getter can only be used on instances of Window.
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS descriptor.get.call(window) === window.name is true
|
2016-02-09 05:15:06 +00:00
|
|
|
PASS descriptor.get.call() === window.name is true
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
|
|
|
|
|
* window.Node
|
|
|
|
|
PASS descriptor.enumerable is false
|
|
|
|
|
PASS descriptor.writable is true
|
|
|
|
|
PASS descriptor.configurable is true
|
|
|
|
|
PASS descriptor.value is window.Node
|
|
|
|
|
|
2016-02-17 08:38:27 +00:00
|
|
|
* window.__proto__.constructor
|
Attributes on the Window instance should be configurable unless [Unforgeable]
https://bugs.webkit.org/show_bug.cgi?id=153920
<rdar://problem/24563211>
Reviewed by Darin Adler.
Source/JavaScriptCore:
Marking the Window instance attributes as configurable but cause
getOwnPropertyDescriptor() to report them as configurable, as
expected. However, trying to delete them would actually lead to
unexpected behavior because:
- We did not reify custom accessor properties (most of the Window
properties are custom accessors) upon deletion.
- For non-reified static properties marked as configurable,
JSObject::deleteProperty() would attempt to call the property
setter with undefined. As a result, calling delete window.name
would cause window.name to become the string "undefined" instead
of the undefined value.
* runtime/JSObject.cpp:
(JSC::getClassPropertyNames):
Now that we reify ALL properties, we only need to check the property table
if we have not reified. As a result, I dropped the 'didReify' parameter for
this function and instead only call this function if we have not yet reified.
(JSC::JSObject::putInlineSlow):
Only call putEntry() if we have not reified: Drop the
'|| !(entry->attributes() & BuiltinOrFunctionOrAccessor)'
check as such properties now get reified as well.
(JSC::JSObject::deleteProperty):
- Call reifyAllStaticProperties() instead of reifyStaticFunctionsForDelete()
so that we now reify all properties upon deletion, including the custom
accessors. reifyStaticFunctionsForDelete() is now removed and the same
reification function is now used by: deletion, getOwnPropertyDescriptor()
and eager reification of the prototype objects in the bindings.
- Drop code that falls back to calling the static property setter with
undefined if we cannot find the property in the property storage. As
we now reify ALL properties, the code removing the property from the
property storage should succeed, provided that the property actually
exists.
(JSC::JSObject::getOwnNonIndexPropertyNames):
Only call getClassPropertyNames() if we have not reified. We should no longer
check the static property table after reifying now that we reify all
properties.
(JSC::JSObject::reifyAllStaticProperties):
Merge with reifyStaticFunctionsForDelete(). The only behavior change is the
flattening to an uncacheable dictionary, like reifyStaticFunctionsForDelete()
used to do.
* runtime/JSObject.h:
Source/WebCore:
Attributes on the Window instance should be configurable unless [Unforgeable]:
1. 'constructor' property:
- http://www.w3.org/TR/WebIDL/#interface-prototype-object
2. Constructor properties (e.g. window.Node):
- http://www.w3.org/TR/WebIDL/#es-interfaces
3. IDL attributes:
- http://heycam.github.io/webidl/#es-attributes (configurable unless
[Unforgeable], e.g. window.location)
Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
Test: fast/dom/Window/window-properties-configurable.html
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
For known Window properties (i.e. properties in the static property table),
if we have reified and this is same-origin access, then call
Base::getOwnPropertySlot() to get the property from the local property
storage. If we have not reified yet, or this is cross-origin access, query
the static property table. This is to match the behavior of Firefox and
Chrome which seem to keep returning the original properties upon cross
origin access, even if those were deleted or redefined.
(WebCore::JSDOMWindow::put):
The previous code used to call the static property setter for properties in
the static table. However, this does not do the right thing if properties
were reified. For example, deleting window.name and then trying to set it
again would not work. Therefore, update this code to only do this if the
properties have not been reified, similarly to what is done in
JSObject::putInlineSlow().
* bindings/scripts/CodeGeneratorJS.pm:
(ConstructorShouldBeOnInstance):
Add a FIXME comment indicating that window.constructor should be on
the prototype as per the Web IDL specification.
(GenerateAttributesHashTable):
- Mark 'constructor' property as configurable for Window, as per the
specification and consistently with other 'constructor' properties:
http://www.w3.org/TR/WebIDL/#interface-prototype-object
- Mark properties as configurable even though they are on the instance.
Window has its properties on the instance as per the specification:
1. http://heycam.github.io/webidl/#es-attributes
2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
However, these properties should be configurable as long as they are
not marked as [Unforgeable], as per 1.
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
Rebaseline bindings tests.
LayoutTests:
* fast/dom/Window/window-properties-configurable-expected.txt: Added.
* fast/dom/Window/window-properties-configurable.html: Added.
Add a test to check that Window properties are reported as configurable
unless the [Unforgeable] ones and that deleting them actually works.
* fast/dom/global-constructors.html:
Update test so it no longer expects window.Node to be shadowable. As per
the specification, the "Node" property is on the window instance, not its
prototype. Therefore, it should cannot be shadowed and setting it to
something actually overwites the previous value, given that the property
is writable as per:
- http://heycam.github.io/webidl/#es-interfaces
I have verified that the new behavior is consistent with Firefox.
* http/tests/security/cross-origin-reified-window-property-access-expected.txt: Added.
* http/tests/security/cross-origin-reified-window-property-access.html: Added.
* http/tests/security/resources/reify-window.html: Added.
Add a test case to cover cross-origin access of Window properties after
reification.
* js/getOwnPropertyDescriptor-unforgeable-attributes-expected.txt:
* js/getOwnPropertyDescriptor-unforgeable-attributes.html:
Drop window.self from the list of unforgeable attributes. This attribute
is not unforgeable in our implementation or in the specification:
- https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
* js/getOwnPropertyDescriptor-window-attributes-expected.txt:
* js/getOwnPropertyDescriptor-window-attributes.html:
- Add coverage for window.self which is a regular Window property.
- Add coverage for window.Node which is a constructor property
- Add coverage for window.constructor. It should really be on the prototype
as per the specification but this at least checks that the property is
configurable, as per the specification.
- Rebaseline the test as more checks are passing now that Window properties
are marked as configurable.
Canonical link: https://commits.webkit.org/172180@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@196374 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-02-10 19:47:10 +00:00
|
|
|
PASS descriptor.enumerable is false
|
|
|
|
|
PASS descriptor.writable is true
|
|
|
|
|
PASS descriptor.configurable is true
|
|
|
|
|
PASS descriptor.value is window.Window
|
|
|
|
|
|
2016-02-04 21:36:04 +00:00
|
|
|
PASS successfullyParsed is true
|
|
|
|
|
|
|
|
|
|
TEST COMPLETE
|
|
|
|
|
|