ES6: Should not allow duplicate basic __proto__ properties in Object Literals
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 May 2015 16:54:09 +0000 (16:54 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 May 2015 16:54:09 +0000 (16:54 +0000)
commit2aac05b93bac9ec1a78aca17097139ebd06e5944
treeb70b1a6111535d72801a561afe8653dbc656005f
parent39c812e4d3075e9b9cf33d128e0369f2e85f7028
ES6: Should not allow duplicate basic __proto__ properties in Object Literals
https://bugs.webkit.org/show_bug.cgi?id=145138

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2015-05-20
Reviewed by Darin Adler.

Source/JavaScriptCore:

Implement ES6 Annex B.3.1, which disallows duplicate basic __proto__
properties in object literals. This doesn't affect computed properties,
shorthand properties, or getters/setters all of which avoid setting
the actual prototype of the object anyway.

* interpreter/Interpreter.cpp:
(JSC::eval):
Remove out of date comment. Duplicate property names are allowed
now in ES6, they were not in ES5 strict mode.

* parser/ASTBuilder.h:
(JSC::ASTBuilder::getName):
(JSC::ASTBuilder::getType):
* parser/SyntaxChecker.h:
(JSC::SyntaxChecker::getName):
Add back getName to get the property name depending on the tree builder.
Also tighten up the parameter types.

* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::parse):
In quick JSON literal parsing for eval, we actually need to evaluate
the __proto__ property assignment, instead of just building up a list
of direct properties. Only do this when not doing a strict JSON parse.

* parser/Nodes.h:
Add "Shorthand" to the list of PropertyNode types to allow it to
be distinguished without relying on other information.

* parser/Parser.h:
* parser/Parser.cpp:
(JSC::Parser<LexerType>::parseProperty):
Add the Shorthand type when parsing a shorthand property.

(JSC::Parser<LexerType>::shouldCheckPropertyForUnderscoreProtoDuplicate):
(JSC::Parser<LexerType>::parseObjectLiteral):
(JSC::Parser<LexerType>::parseStrictObjectLiteral):
Check for duplicate __proto__ properties, and throw a SyntaxError
if that was the case.

LayoutTests:

* js/dom/JSON-parse-expected.txt:
* js/resources/JSON-parse.js:
Update expected results for JSON parsing using eval() versus JSON.parse.
In eval, an object literal with a "__proto__" property modifies the prototype.
In JSON.parse, all properties are direct/own properties, no matter their name,
so "__proto__" does not get special treatment.

* js/eval-json-proto-expected.txt: Added.
* js/eval-json-proto.html: Added.
* js/script-tests/eval-json-proto.js: Added.
Direct test for LiteralParser behavior, in both eval and JSON.parse.

* js/object-literal-duplicate-properties-expected.txt:
* js/script-tests/object-literal-duplicate-properties.js:
(runProtoTestShouldThrow):
(runProtoTestShouldNotThrow):
Test for all cases of acceptable and unacceptable __proto__ duplicate
properties in literals.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@184640 268f45cc-cd09-0410-ab3c-d52691b4dbfc
16 files changed:
LayoutTests/ChangeLog
LayoutTests/js/dom/JSON-parse-expected.txt
LayoutTests/js/eval-json-proto-expected.txt [new file with mode: 0644]
LayoutTests/js/eval-json-proto.html [new file with mode: 0644]
LayoutTests/js/object-literal-duplicate-properties-expected.txt
LayoutTests/js/resources/JSON-parse.js
LayoutTests/js/script-tests/eval-json-proto.js [new file with mode: 0644]
LayoutTests/js/script-tests/object-literal-duplicate-properties.js
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/interpreter/Interpreter.cpp
Source/JavaScriptCore/parser/ASTBuilder.h
Source/JavaScriptCore/parser/Nodes.h
Source/JavaScriptCore/parser/Parser.cpp
Source/JavaScriptCore/parser/Parser.h
Source/JavaScriptCore/parser/SyntaxChecker.h
Source/JavaScriptCore/runtime/LiteralParser.cpp