Object.setPrototypeOf() should throw when used on a cross-origin Window / Location...
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 Aug 2016 22:49:45 +0000 (22:49 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 30 Aug 2016 22:49:45 +0000 (22:49 +0000)
commit 4ad734316131889f61cd22443577b9753384b932
tree 9fe619f92d014a749d0bbe5d6f62a06a0f815207
parent c9d1526f98e4488883613e4b6a1c1bd9a1c238d4
Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object
https://bugs.webkit.org/show_bug.cgi?id=161396

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

Object.setPrototypeOf() should throw when used on a cross-origin Window / Location object:
- https://html.spec.whatwg.org/#windowproxy-setprototypeof
- https://html.spec.whatwg.org/#location-setprototypeof
- https://tc39.github.io/ecma262/#sec-object.setprototypeof (step 5)

Firefox and Chrome already throw. However, WebKit merely ignores the call and logs an error message.

Note that technically, we should also throw in the same origin case.
However, not all browsers agree on this yet so I have not changed
the behavior for the same origin case.

* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorSetPrototypeOf):

LayoutTests:

Update / rebaseline existing test to reflect behavior change.

* http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-setPrototypeOf.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@205205 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/ObjectConstructor.cpp
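
The difference between ignoring the call and throwing, as an added example that is not part of this commit or of WebKit's code. A Proxy stands in for a cross-origin Window / Location object (an assumption, since real ones are implemented by the engine), and `makeOpaqueObject`, `legacySetPrototypeOf` and `probe` are hypothetical names.

```javascript
// Added illustration; not WebKit code. All function names are hypothetical.

// Stand-in for a cross-origin Window / Location object: its [[SetPrototypeOf]]
// always reports failure and its [[GetPrototypeOf]] reveals nothing.
function makeOpaqueObject() {
  return new Proxy({}, {
    getPrototypeOf() { return null; },
    setPrototypeOf() { return false; },
  });
}

// Model of the behaviour the commit message describes for WebKit before the
// change: the failed call is ignored and only an error message is logged.
function legacySetPrototypeOf(obj, proto) {
  if (!Reflect.setPrototypeOf(obj, proto)) {
    console.error('Blocked attempt to set the prototype (call ignored)');
  }
  return obj;
}

// Runs both variants against the same object and records what the caller sees.
function probe(proto) {
  const obj = makeOpaqueObject();
  const seen = { legacyThrew: false, specThrew: false, specError: null };
  try {
    legacySetPrototypeOf(obj, proto);
  } catch (e) {
    seen.legacyThrew = true;
  }
  try {
    // ECMAScript Object.setPrototypeOf, step 5: a false status becomes a TypeError.
    Object.setPrototypeOf(obj, proto);
  } catch (e) {
    seen.specThrew = true;
    seen.specError = e.name;
  }
  // The prototype is unchanged in both cases; only the signal to the caller differs.
  seen.protoAfter = Object.getPrototypeOf(obj);
  return seen;
}

console.log(probe({ injected: true }));
```

In both variants the prototype stays untouched; the throwing variant is the one a caller can detect with ordinary exception handling instead of reading the console.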