Treat failed access checks for @@toStringTag as undefined

This matches the approach used for @@isConcatSpreadable, and seems to match what Mozilla is planning to do in Firefox. Given that there's already little compatibility around cross-origin toString results, there seems to be little hazard in making this change even before spec language hits the HTML spec. BUG=v8:3502, v8:4289, chromium:532469 LOG=n Review URL: https://codereview.chromium.org/1432543002 Cr-Commit-Position: refs/heads/master@{#31755}

Treat failed access checks for @@toStringTag as undefined
This matches the approach used for @@isConcatSpreadable, and seems to match what Mozilla is planning to do in Firefox. Given that there's already little compatibility around cross-origin toString results, there seems to be little hazard in making this change even before spec language hits the HTML spec. BUG=v8:3502, v8:4289, chromium:532469 LOG=n Review URL: https://codereview.chromium.org/1432543002 Cr-Commit-Position: refs/heads/master@{#31755}
5ae9f846 · adamk · Commit bot · 0ac0e528 · 5ae9f846 · 5ae9f846
Commit 5ae9f846 authored Nov 03, 2015 by adamk Committed by Commit bot Nov 03, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 3 deletions

heap.h src/heap/heap.h +3 -3

test-api.cc test/cctest/test-api.cc +28 -0

No files found.
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -361,15 +361,15 @@ namespace internal {
  V(search_symbol, Symbol.search)             \
  V(split_symbol, Symbol.split)               \
  V(to_primitive_symbol, Symbol.toPrimitive)  \
-  V(to_string_tag_symbol, Symbol.toStringTag) \
  V(unscopables_symbol, Symbol.unscopables)

 // Well-Known Symbols are "Public" symbols, which have a bit set which causes
 // them to produce an undefined value when a load results in a failed access
 // check. Because this behaviour is not specified properly as of yet, it only
 // applies to a subset of spec-defined Well-Known Symbols.
-#define WELL_KNOWN_SYMBOL_LIST(V) \
-  V(is_concat_spreadable_symbol, Symbol.isConcatSpreadable)
+#define WELL_KNOWN_SYMBOL_LIST(V)                           \
+  V(is_concat_spreadable_symbol, Symbol.isConcatSpreadable) \
+  V(to_string_tag_symbol, Symbol.toStringTag)

 // Heap roots that are known to be immortal immovable, for which we can safely
 // skip write barriers. This list is not complete and has omissions.

--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -22018,6 +22018,34 @@ TEST(AccessCheckedIsConcatSpreadable) {
 }


+TEST(AccessCheckedToStringTag) {
+  i::FLAG_harmony_tostring = true;
+  v8::Isolate* isolate = CcTest::isolate();
+  HandleScope scope(isolate);
+  LocalContext env;
+
+  // Object with access check
+  Local<ObjectTemplate> object_template = v8::ObjectTemplate::New(isolate);
+  object_template->SetAccessCheckCallback(AccessBlocker);
+  Local<Object> object = object_template->NewInstance();
+
+  allowed_access = true;
+  env->Global()->Set(v8_str("object"), object);
+  object->Set(v8::Symbol::GetToStringTag(isolate), v8_str("hello"));
+
+  // Access check is allowed, and the toStringTag is read
+  CompileRun("var result = Object.prototype.toString.call(object)");
+  ExpectString("result", "[object hello]");
+  ExpectString("object[Symbol.toStringTag]", "hello");
+
+  // If access check fails, the value of @@toStringTag is ignored
+  allowed_access = false;
+  CompileRun("var result = Object.prototype.toString.call(object)");
+  ExpectString("result", "[object Object]");
+  ExpectTrue("object[Symbol.toStringTag] === undefined");
+}
+
+
 TEST(ObjectTemplateIntrinsics) {
  v8::Isolate* isolate = CcTest::isolate();
  v8::HandleScope scope(isolate);