Commit e0022073 authored by yangguo@chromium.org's avatar yangguo@chromium.org

Fall back to generic on access checks in JSON.stringify.

BUG=259366
R=verwaest@chromium.org

Review URL: https://codereview.chromium.org/18225006

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@15641 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent 2b9836af
...@@ -434,6 +434,7 @@ BasicJsonStringifier::Result BasicJsonStringifier::Serialize_( ...@@ -434,6 +434,7 @@ BasicJsonStringifier::Result BasicJsonStringifier::Serialize_(
return UNCHANGED; return UNCHANGED;
} }
case JS_ARRAY_TYPE: case JS_ARRAY_TYPE:
if (object->IsAccessCheckNeeded()) break;
if (deferred_string_key) SerializeDeferredKey(comma, key); if (deferred_string_key) SerializeDeferredKey(comma, key);
return SerializeJSArray(Handle<JSArray>::cast(object)); return SerializeJSArray(Handle<JSArray>::cast(object));
case JS_VALUE_TYPE: case JS_VALUE_TYPE:
...@@ -447,12 +448,13 @@ BasicJsonStringifier::Result BasicJsonStringifier::Serialize_( ...@@ -447,12 +448,13 @@ BasicJsonStringifier::Result BasicJsonStringifier::Serialize_(
SerializeString(Handle<String>::cast(object)); SerializeString(Handle<String>::cast(object));
return SUCCESS; return SUCCESS;
} else if (object->IsJSObject()) { } else if (object->IsJSObject()) {
if (object->IsAccessCheckNeeded()) break;
if (deferred_string_key) SerializeDeferredKey(comma, key); if (deferred_string_key) SerializeDeferredKey(comma, key);
return SerializeJSObject(Handle<JSObject>::cast(object)); return SerializeJSObject(Handle<JSObject>::cast(object));
} else {
return SerializeGeneric(object, key, comma, deferred_string_key);
} }
} }
return SerializeGeneric(object, key, comma, deferred_string_key);
} }
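Review bot: The `JS_VALUE_TYPE` case directly after the guarded `JS_ARRAY_TYPE` case gets no `IsAccessCheckNeeded()` guard in the visible lines. Its body is outside the hunk, so please confirm that wrapper objects cannot reach a fast path that reads state from an access-checked object. The two added guards also rely on `break` reaching the trailing `return SerializeGeneric(object, key, comma, deferred_string_key);`, which a later fast-path case could bypass without anyone noticing. A comment at each guard would record the intent, for example `// Access-checked objects fall back to SerializeGeneric; never serialize them on the fast path.` `Serialize_` begins outside this hunk.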
......
...@@ -19715,4 +19715,75 @@ THREADED_TEST(SemaphoreInterruption) { ...@@ -19715,4 +19715,75 @@ THREADED_TEST(SemaphoreInterruption) {
ThreadInterruptTest().RunTest(); ThreadInterruptTest().RunTest();
} }
static bool NamedAccessAlwaysBlocked(Local<v8::Object> global,
Local<Value> name,
v8::AccessType type,
Local<Value> data) {
i::PrintF("Named access blocked.\n");
return false;
}
static bool IndexAccessAlwaysBlocked(Local<v8::Object> global,
uint32_t key,
v8::AccessType type,
Local<Value> data) {
i::PrintF("Indexed access blocked.\n");
return false;
}
void UnreachableCallback(const v8::FunctionCallbackInfo<v8::Value>& args) {
CHECK(false);
}
TEST(JSONStringifyAccessCheck) {
v8::V8::Initialize();
v8::HandleScope scope(v8::Isolate::GetCurrent());
// Create an ObjectTemplate for global objects and install access
// check callbacks that will block access.
v8::Handle<v8::ObjectTemplate> global_template = v8::ObjectTemplate::New();
global_template->SetAccessCheckCallbacks(NamedAccessAlwaysBlocked,
IndexAccessAlwaysBlocked);
// Create a context and set an x property on it's global object.
LocalContext context0(NULL, global_template);
v8::Handle<v8::Object> global0 = context0->Global();
global0->Set(v8_str("x"), v8_num(42));
ExpectString("JSON.stringify(this)", "{\"x\":42}");
for (int i = 0; i < 2; i++) {
if (i == 1) {
// Install a toJSON function on the second run.
v8::Handle<v8::FunctionTemplate> toJSON =
v8::FunctionTemplate::New(UnreachableCallback);
global0->Set(v8_str("toJSON"), toJSON->GetFunction());
}
// Create a context with a different security token so that the
// failed access check callback will be called on each access.
LocalContext context1(NULL, global_template);
context1->Global()->Set(v8_str("other"), global0);
ExpectString("JSON.stringify(other)", "{}");
ExpectString("JSON.stringify({ 'a' : other, 'b' : ['c'] })",
"{\"a\":{},\"b\":[\"c\"]}");
ExpectString("JSON.stringify([other, 'b', 'c'])",
"[{},\"b\",\"c\"]");
v8::Handle<v8::Array> array = v8::Array::New(2);
array->Set(0, v8_str("a"));
array->Set(1, v8_str("b"));
context1->Global()->Set(v8_str("array"), array);
ExpectString("JSON.stringify(array)", "[\"a\",\"b\"]");
array->TurnOnAccessCheck();
ExpectString("JSON.stringify(array)", "[]");
ExpectString("JSON.stringify([array])", "[[]]");
ExpectString("JSON.stringify({'a' : array})", "{\"a\":[]}");
}
}
#endif // WIN32 #endif // WIN32
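Review bot: `UnreachableCallback` is declared without `static`, unlike `NamedAccessAlwaysBlocked` and `IndexAccessAlwaysBlocked` just above it, so it gets external linkage in a very large test file; `static void UnreachableCallback(const v8::FunctionCallbackInfo<v8::Value>& args) {` would keep it file-local. The two blocking callbacks only call `i::PrintF`, so the test never asserts that an access check was actually consulted. The `"{}"` and `"[]"` expectations show that nothing leaked, but not why. Incrementing a file-local counter in the callbacks and checking it after each `ExpectString` would pin the blocked path down and drop the console noise. It would also be worth adding a case for an access-checked object nested inside an access-checked array, since only the single-level combinations are exercised here.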