Calling crossOriginWindow.toString() should not be allowed
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Aug 2016 20:35:21 +0000 (20:35 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Aug 2016 20:35:21 +0000 (20:35 +0000)
commitf651589f62c3802725b2178837fc7238051fecfa
tree554440867e83655587755b791159ebe4ea4c7650
parenta91046ca7f09d26c032dbcce9f3d04fb4669e3af
Calling crossOriginWindow.toString() should not be allowed
https://bugs.webkit.org/show_bug.cgi?id=161225

Reviewed by Andreas Kling.

Source/WebCore:

Calling crossOriginWindow.toString() should not be allowed:
- https://html.spec.whatwg.org/#crossoriginproperties-(-o-)

In WebKit, we were printing a security error in the console but
returning "[object Window]" anyway.

In Firefox and Chrome, it throws an exception.

No new tests, updated existing test.

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):

LayoutTests:

Update existing tests to reflect the behavior change.

* http/tests/security/cross-frame-access-custom-expected.txt:
* http/tests/security/cross-frame-access-custom.html:
* http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-setPrototypeOf.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@205037 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-custom-expected.txt
LayoutTests/http/tests/security/cross-frame-access-custom.html
LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMWindowCustom.cpp