[V8] document.all gets confused about its prototype chain
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Sep 2011 22:57:30 +0000 (22:57 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Sep 2011 22:57:30 +0000 (22:57 +0000)
commit dc55e1c7a8176af03be0c715b974f3226b3ed09a
tree 13de3a085fa7d6896821ad6805b513f2ae95a45e
parent 9e21c2a8410d12e9c5b9cde20b353fc060b62184
[V8] document.all gets confused about its prototype chain
https://bugs.webkit.org/show_bug.cgi?id=68393

Reviewed by Eric Seidel.

Source/WebCore:

GetRealNamedPropertyInPrototypeChain doesn't call interceptors, so it's
not a good idea to use its return value.  It turns out that all the
callers of the API only cared about whether it returns a null handle.

Test: http/tests/security/document-all.html

* bindings/v8/V8Collection.h:
(WebCore::collectionNamedPropertyGetter):
* bindings/v8/custom/V8DOMStringMapCustom.cpp:
(WebCore::V8DOMStringMap::namedPropertyDeleter):
(WebCore::V8DOMStringMap::namedPropertySetter):
* bindings/v8/custom/V8HTMLAllCollectionCustom.cpp:
(WebCore::V8HTMLAllCollection::namedPropertyGetter):
* bindings/v8/custom/V8HTMLCollectionCustom.cpp:
(WebCore::V8HTMLCollection::namedPropertyGetter):
* bindings/v8/custom/V8NamedNodeMapCustom.cpp:
(WebCore::V8NamedNodeMap::namedPropertyGetter):
* bindings/v8/custom/V8StorageCustom.cpp:
(WebCore::storageSetter):

LayoutTests:

Test how document.all behaves when you change its prototype chain.

* http/tests/security/document-all-expected.txt: Added.
* http/tests/security/document-all.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95489 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/document-all-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/document-all.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/v8/V8Collection.h
Source/WebCore/bindings/v8/custom/V8DOMStringMapCustom.cpp
Source/WebCore/bindings/v8/custom/V8HTMLAllCollectionCustom.cpp
Source/WebCore/bindings/v8/custom/V8HTMLCollectionCustom.cpp
Source/WebCore/bindings/v8/custom/V8NamedNodeMapCustom.cpp
Source/WebCore/bindings/v8/custom/V8StorageCustom.cpp