Change native call frames to use the scope from their Callee instead of their caller...
author msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 20:03:28 +0000 (20:03 +0000)
committer msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 20:03:28 +0000 (20:03 +0000)
commit 1834516e72751718462851a7901b5f221b965bc8
tree d0d8a0729a723cea0edb4c955db89e67c9fe43e7
parent 53b8dff8a2cbf4826b57dd6454097d681cd9dafa
Change native call frames to use the scope from their Callee instead of their caller's scope
https://bugs.webkit.org/show_bug.cgi?id=137907

Source/JavaScriptCore:

Reviewed by Mark Lam.

Changed setting of scope for native CallFrames to use the scope associated with the
Callee instead of the caller's scope.

* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

LayoutTests:

Updated tests to reflect the results of changing where a native call frame
and therefore the lexicalGlobalObject came from.  Verified that these test changes
are consistent with the HTML standard.  These changes are also closer to the behavior
of other browsers.

Reviewed by Mark Lam.

* fast/frames/sandboxed-iframe-navigation-parent-expected.txt:
* fast/frames/sandboxed-iframe-navigation-parent.html:
Changed the test and results to show that a sandboxed iframe can navigate its
ancestors when it is sandboxed with both "allow-scripts" and "allow-same-origin".

* http/tests/security/calling-versus-current.html:
Updated the test to really have a different domain.  We do a simple string comparison
to check that we are part of the same domain.  The test expected that 0.0.1 was
from the same domain as 127.0.0.1.  Changed the test to try 0.0.2 and expect a
security exception.

* http/tests/security/frameNavigation/context-for-location-assign-expected.txt:
Updated test results.

* traversal/node-iterator-prototype-expected.txt:
* traversal/node-iterator-prototype.html:
Fixed as a result of this change.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@174996 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/frames/sandboxed-iframe-navigation-parent-expected.txt
LayoutTests/fast/frames/sandboxed-iframe-navigation-parent.html
LayoutTests/http/tests/security/calling-versus-current.html
LayoutTests/http/tests/security/frameNavigation/context-for-location-assign-expected.txt
LayoutTests/traversal/node-iterator-prototype-expected.txt
LayoutTests/traversal/node-iterator-prototype.html
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/ThunkGenerators.cpp
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm