[JSC] Consider dropping JSObjectSetPrototype feature for JSGlobalObject
author utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Sep 2017 20:06:34 +0000 (20:06 +0000)
committer utatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 18 Sep 2017 20:06:34 +0000 (20:06 +0000)
commit 27c1334530f6ac9c9bde1e7f55db63264308dfd7
tree 3916b4e8ea58ce7c6c6373d3c4a13de5e2f8199c
parent 11503b29df7659706d9916b7b54b97384aa549ff
[JSC] Consider dropping JSObjectSetPrototype feature for JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=177070

Reviewed by Saam Barati.

Due to security reasons, our global object is an immutable prototype exotic object.
It prevents users from injecting proxies into the prototype chain of the global object[1].
But our JSC API does not respect this attribute, and allows users to change [[Prototype]]
of the global object after instantiating it.

This patch removes this feature. Once the global object is instantiated, we cannot change [[Prototype]]
of the global object. It drops JSGlobalObject::resetPrototype use, which involves GlobalThis
edge cases.

[1]: https://github.com/tc39/ecma262/commit/935dad4283d045bc09c67a259279772d01b3d33d

* API/JSObjectRef.cpp:
(JSObjectSetPrototype):
* API/tests/CustomGlobalObjectClassTest.c:
(globalObjectSetPrototypeTest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222175 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/API/JSObjectRef.cpp
Source/JavaScriptCore/API/tests/CustomGlobalObjectClassTest.c
Source/JavaScriptCore/ChangeLog
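
The behaviour the commit message describes, as an added JavaScript example that is not part of the commit or of WebKit's code: a Proxy placed in an ordinary object's prototype chain sees every lookup that misses, while an immutable prototype exotic object rejects the change. It assumes an ES2017+ engine and uses `Object.prototype` as the immutable prototype exotic object, because the JSC global object cannot be reached from a plain script; `makeSpyPrototype` and the property names are hypothetical.

```javascript
'use strict';

// Hypothetical helper: a Proxy that records every lookup that reaches it.
function makeSpyPrototype(log) {
  return new Proxy(Object.create(null), {
    get(target, key) { log.push(String(key)); return undefined; },
    has(target, key) { log.push(String(key)); return false; }
  });
}

// Case 1: constructed stand-in for a global object whose [[Prototype]]
// is mutable. The injection succeeds and missed lookups leak to the proxy.
function injectIntoOrdinary() {
  const log = [];
  const g = { known: 1 };
  const ok = Reflect.setPrototypeOf(g, makeSpyPrototype(log));
  void g.known;        // own property: resolved before the chain is walked
  void g.secretName;   // missing: falls through to the proxy's get trap
  void ('other' in g); // missing: falls through to the proxy's has trap
  return { ok, log };
}

// Case 2: an immutable prototype exotic object. [[SetPrototypeOf]] only
// succeeds when the new value equals the current [[Prototype]].
function injectIntoImmutable() {
  const log = [];
  const before = Object.getPrototypeOf(Object.prototype); // null
  // Reflect.setPrototypeOf reports the refusal as false.
  const reflectResult =
    Reflect.setPrototypeOf(Object.prototype, makeSpyPrototype(log));
  // Object.setPrototypeOf turns the same refusal into a TypeError.
  let threw = false;
  try {
    Object.setPrototypeOf(Object.prototype, makeSpyPrototype(log));
  } catch (e) {
    threw = e instanceof TypeError;
  }
  // Setting the value it already has is permitted (a no-op).
  const sameValueOk = Reflect.setPrototypeOf(Object.prototype, before);
  void ({}).missing;   // chain still ends at null, so nothing is logged
  const unchanged = Object.getPrototypeOf(Object.prototype) === before;
  return { reflectResult, threw, sameValueOk, unchanged, log };
}

console.log(injectIntoOrdinary());
console.log(injectIntoImmutable());
```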