<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[214135] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/214135">214135</a></dd>
<dt>Author</dt> <dd>cdumez@apple.com</dd>
<dt>Date</dt> <dd>2017-03-18 10:52:01 -0700 (Sat, 18 Mar 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Allow setting the prototype of cross-origin objects, as long as they don't change
https://bugs.webkit.org/show_bug.cgi?id=169787
Reviewed by Mark Lam.
LayoutTests/imported/w3c:
Import test coverage from W3C web-platform-tests.
* web-platform-tests/common/domain-setter.sub.html: Added.
* web-platform-tests/common/test-setting-immutable-prototype.js: Added.
(self.testSettingImmutablePrototypeToNewValueOnly.test):
(self.testSettingImmutablePrototypeToNewValueOnly):
(self.testSettingImmutablePrototype.else.test):
(self.testSettingImmutablePrototype):
* web-platform-tests/common/w3c-import.log:
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt: Added.
* web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html: Added.
* web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log:
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt: Added.
* web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html: Added.
Source/JavaScriptCore:
* runtime/JSGlobalObject.h:
Mark JS global object as an immutable prototype exotic object to match Window.
* runtime/JSObject.cpp:
(JSC::JSObject::setPrototypeWithCycleCheck):
Update setPrototypeWithCycleCheck() for immutable prototype exotic objects in order
to align with:
- https://tc39.github.io/ecma262/#sec-set-immutable-prototype
In particular, we need to call [[GetPrototypeOf]] and return true if it returns the same
value as the new prototype. We really need to call [[GetPrototypeOf]] and not merely
getting the prototype slot via getPrototypeDirect() since Location and Window override
[[GetPrototypeOf]] to return null in the cross-origin case.
* runtime/JSProxy.cpp:
(JSC::JSProxy::setPrototype):
Update JSProxy::setPrototype() to forward such calls to its target. This is needed so
we end up calling JSObject::setPrototypeWithCycleCheck() for the Window object.
Handling immutable prototype exotic objects in that method does the right thing for
Window.
Source/WebCore:
Allow setting the prototype of cross-origin objects, as long as they don't change:
- https://html.spec.whatwg.org/multipage/browsers.html#windowproxy-setprototypeof
- https://html.spec.whatwg.org/multipage/browsers.html#location-setprototypeof
- https://tc39.github.io/ecma262/#sec-set-immutable-prototype
Tests: imported/w3c/web-platform-tests/common/domain-setter.sub.html
imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html
imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html
imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html
* bindings/js/JSLocationCustom.cpp:
* page/Location.idl:
Drop custom setPrototype() implementation for Location and mark Location as an immutable
prototype exotic object now that JSC does the right thing for those.
LayoutTests:
* http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-setPrototypeOf.html:
* js/dom/setPrototypeOf-location-window-expected.txt:
* js/dom/setPrototypeOf-location-window.html:
Add checks for setting prototype of window and location objects to the same value
to make sure it does not throw, both in the same origin and the cross origin
cases.
* fast/dom/Window/window-custom-prototype-crash-expected.txt:
* http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt:
* js/object-literal-shorthand-construction-expected.txt:
Rebaseline tests now that the exception message is a bit different.
* js/script-tests/prototype-assignment.js:
Remove special casing for Window, it now behaves like a regular immutable prototype
exotic object.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsfastdomWindowwindowcustomprototypecrashexpectedtxt">trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossframeaccessobjectsetPrototypeOfexpectedtxt">trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycrossframeaccessobjectsetPrototypeOfhtml">trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityxssDENIEDregularproptertywithiframeprotoexpectedtxt">trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscommonw3cimportlog">trunk/LayoutTests/imported/w3c/web-platform-tests/common/w3c-import.log</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacew3cimportlog">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log</a></li>
<li><a href="#trunkLayoutTestsjsdomsetPrototypeOflocationwindowexpectedtxt">trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsdomsetPrototypeOflocationwindowhtml">trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html</a></li>
<li><a href="#trunkLayoutTestsjsobjectliteralshorthandconstructionexpectedtxt">trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsprototypeassignmentjs">trunk/LayoutTests/js/script-tests/prototype-assignment.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjecth">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSObjectcpp">trunk/Source/JavaScriptCore/runtime/JSObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSProxycpp">trunk/Source/JavaScriptCore/runtime/JSProxy.cpp</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSLocationCustomcpp">trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorepageLocationidl">trunk/Source/WebCore/page/Location.idl</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscommondomainsettersubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/common/domain-setter.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestscommontestsettingimmutableprototypejs">trunk/LayoutTests/imported/w3c/web-platform-tests/common/test-setting-immutable-prototype.js</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingcrossorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingcrossorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettinggoescrossorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettinggoescrossorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameoriginhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html</a></li>
<li>trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/</li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectw3cimportlog">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossoriginsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettinggoescrossorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettinggoescrossorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameorigindomainsubexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameorigindomainsubhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameoriginexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameoriginhtml">trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/ChangeLog 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2017-03-18 Chris Dumez <cdumez@apple.com>
+
+ Allow setting the prototype of cross-origin objects, as long as they don't change
+ https://bugs.webkit.org/show_bug.cgi?id=169787
+
+ Reviewed by Mark Lam.
+
+ * http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt:
+ * http/tests/security/cross-frame-access-object-setPrototypeOf.html:
+ * js/dom/setPrototypeOf-location-window-expected.txt:
+ * js/dom/setPrototypeOf-location-window.html:
+ Add checks for setting prototype of window and location objects to the same value
+ to make sure it does not throw, both in the same origin and the cross origin
+ cases.
+
+ * fast/dom/Window/window-custom-prototype-crash-expected.txt:
+ * http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt:
+ * js/object-literal-shorthand-construction-expected.txt:
+ Rebaseline tests now that the exception message is a bit different.
+
+ * js/script-tests/prototype-assignment.js:
+ Remove special casing for Window, it now behaves like a regular immutable prototype
+ exotic object.
+
</ins><span class="cx"> 2017-03-17 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><span class="cx"> Implement incoming webrtc data based on tracksCurr
</span></span></pre></div>
<a id="trunkLayoutTestsfastdomWindowwindowcustomprototypecrashexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/fast/dom/Window/window-custom-prototype-crash-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1,2 +1,2 @@
</span><del>-CONSOLE MESSAGE: line 7: TypeError: Cannot set prototype of this object
</del><ins>+CONSOLE MESSAGE: line 7: TypeError: Cannot set prototype of immutable prototype object
</ins><span class="cx"> If this did not crash the test has succeeded.
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossframeaccessobjectsetPrototypeOfexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -4,17 +4,21 @@
</span><span class="cx">
</span><span class="cx">
</span><span class="cx"> PASS: targetWindow instanceof Array should be 'false' and is.
</span><del>-PASS Object.setPrototypeOf(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS Object.setPrototypeOf(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS: targetWindow instanceof Array should be 'false' and is.
</span><span class="cx"> PASS: targetWindow.location instanceof Array should be 'false' and is.
</span><del>-PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS Object.setPrototypeOf(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS: targetWindow.location instanceof Array should be 'false' and is.
</span><span class="cx"> PASS: targetWindow instanceof Array should be 'false' and is.
</span><del>-PASS protoSetter.call(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS protoSetter.call(targetWindow, Array.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS: targetWindow instanceof Array should be 'false' and is.
</span><span class="cx"> PASS: targetWindow.location instanceof Array should be 'false' and is.
</span><del>-PASS protoSetter.call(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS protoSetter.call(targetWindow.location, Array.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS: targetWindow.location instanceof Array should be 'false' and is.
</span><ins>+PASS: Object.getPrototypeOf(targetWindow) should be 'null' and is.
+PASS Object.setPrototypeOf(targetWindow, null) did not throw exception.
+PASS: Object.getPrototypeOf(targetWindow.location) should be 'null' and is.
+PASS Object.setPrototypeOf(targetWindow.location, null) did not throw exception.
</ins><span class="cx"> PASS: successfullyParsed should be 'true' and is.
</span><span class="cx">
</span><span class="cx"> TEST COMPLETE
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycrossframeaccessobjectsetPrototypeOfhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-object-setPrototypeOf.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -33,6 +33,11 @@
</span><span class="cx"> shouldThrowErrorName("protoSetter.call(targetWindow.location, Array.prototype)", "TypeError");
</span><span class="cx"> shouldBeFalse("targetWindow.location instanceof Array");
</span><span class="cx">
</span><ins>+ shouldBeNull("Object.getPrototypeOf(targetWindow)");
+ shouldNotThrow("Object.setPrototypeOf(targetWindow, null)");
+ shouldBeNull("Object.getPrototypeOf(targetWindow.location)");
+ shouldNotThrow("Object.setPrototypeOf(targetWindow.location, null)");
+
</ins><span class="cx"> finishJSTest();
</span><span class="cx"> }
</span><span class="cx"> </script>
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityxssDENIEDregularproptertywithiframeprotoexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -4,7 +4,7 @@
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span><span class="cx">
</span><span class="cx">
</span><del>-PASS this.__proto__ = targetWindow threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS this.__proto__ = targetWindow threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS __proto__ = targetWindow threw exception TypeError: Object.prototype.__proto__ called on null or undefined.
</span><span class="cx"> PASS: innerHeight === originalInnerHeight should be 'true' and is.
</span><span class="cx"> PASS: this.innerHeight === originalInnerHeight should be 'true' and is.
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1,3 +1,38 @@
</span><ins>+2017-03-18 Chris Dumez <cdumez@apple.com>
+
+ Allow setting the prototype of cross-origin objects, as long as they don't change
+ https://bugs.webkit.org/show_bug.cgi?id=169787
+
+ Reviewed by Mark Lam.
+
+ Import test coverage from W3C web-platform-tests.
+
+ * web-platform-tests/common/domain-setter.sub.html: Added.
+ * web-platform-tests/common/test-setting-immutable-prototype.js: Added.
+ (self.testSettingImmutablePrototypeToNewValueOnly.test):
+ (self.testSettingImmutablePrototypeToNewValueOnly):
+ (self.testSettingImmutablePrototype.else.test):
+ (self.testSettingImmutablePrototype):
+ * web-platform-tests/common/w3c-import.log:
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html: Added.
+ * web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log:
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt: Added.
+ * web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html: Added.
+
</ins><span class="cx"> 2017-03-16 Jiewen Tan <jiewen_tan@apple.com>
</span><span class="cx">
</span><span class="cx"> [WebCrypto] Support SPKI/PKCS8 for Elliptic Curve
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscommondomainsettersubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/common/domain-setter.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/common/domain-setter.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/common/domain-setter.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>A page that will likely be same-origin-domain but not same-origin</title>
+
+<script>
+"use strict";
+document.domain = "{{host}}";
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscommontestsettingimmutableprototypejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/common/test-setting-immutable-prototype.js (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/common/test-setting-immutable-prototype.js (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/common/test-setting-immutable-prototype.js 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,57 @@
</span><ins>+self.testSettingImmutablePrototypeToNewValueOnly =
+ (prefix, target, newValue, newValueString, { isSameOriginDomain }) => {
+ test(() => {
+ assert_throws(new TypeError, () => {
+ Object.setPrototypeOf(target, newValue);
+ });
+ }, `${prefix}: setting the prototype to ${newValueString} via Object.setPrototypeOf should throw a TypeError`);
+
+ let dunderProtoError = "SecurityError";
+ let dunderProtoErrorName = "\"SecurityError\" DOMException";
+ if (isSameOriginDomain) {
+ dunderProtoError = new TypeError();
+ dunderProtoErrorName = "TypeError";
+ }
+
+ test(() => {
+ assert_throws(dunderProtoError, function() {
+ target.__proto__ = newValue;
+ });
+ }, `${prefix}: setting the prototype to ${newValueString} via __proto__ should throw a ${dunderProtoErrorName}`);
+
+ test(() => {
+ assert_false(Reflect.setPrototypeOf(target, newValue));
+ }, `${prefix}: setting the prototype to ${newValueString} via Reflect.setPrototypeOf should return false`);
+};
+
+self.testSettingImmutablePrototype =
+ (prefix, target, originalValue, { isSameOriginDomain }, newValue = {}, newValueString = "an empty object") => {
+ testSettingImmutablePrototypeToNewValueOnly(prefix, target, newValue, newValueString, { isSameOriginDomain });
+
+ const originalValueString = originalValue === null ? "null" : "its original value";
+
+ test(() => {
+ assert_equals(Object.getPrototypeOf(target), originalValue);
+ }, `${prefix}: the prototype must still be ${originalValueString}`);
+
+ test(() => {
+ Object.setPrototypeOf(target, originalValue);
+ }, `${prefix}: setting the prototype to ${originalValueString} via Object.setPrototypeOf should not throw`);
+
+ if (isSameOriginDomain) {
+ test(() => {
+ target.__proto__ = originalValue;
+ }, `${prefix}: setting the prototype to ${originalValueString} via __proto__ should not throw`);
+ } else {
+ test(() => {
+ assert_throws("SecurityError", function() {
+ target.__proto__ = newValue;
+ });
+ }, `${prefix}: setting the prototype to ${originalValueString} via __proto__ should throw a "SecurityError" since ` +
+ `it ends up in CrossOriginGetOwnProperty`);
+ }
+
+ test(() => {
+ assert_true(Reflect.setPrototypeOf(target, originalValue));
+ }, `${prefix}: setting the prototype to ${originalValueString} via Reflect.setPrototypeOf should return true`);
+};
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestscommonw3cimportlog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/common/w3c-import.log (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/common/w3c-import.log 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/common/w3c-import.log 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -23,6 +23,7 @@
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/canvas-tests.css
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/canvas-tests.js
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/css-red.txt
</span><ins>+/LayoutTests/imported/w3c/web-platform-tests/common/domain-setter.sub.html
</ins><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/dummy.xhtml
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/dummy.xml
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/entities.json
</span><span class="lines">@@ -34,6 +35,7 @@
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/redirect.py
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/reftest-wait.js
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/stringifiers.js
</span><ins>+/LayoutTests/imported/w3c/web-platform-tests/common/test-setting-immutable-prototype.js
</ins><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/text-plain.txt
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/utils.js
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/common/vendor-prefix.js
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingcrossorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+
+
+PASS Cross-origin via document.domain: the prototype is null
+PASS Cross-origin via document.domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Cross-origin via document.domain: setting the prototype to an empty object via __proto__ should throw a "SecurityError" DOMException
+PASS Cross-origin via document.domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Cross-origin via document.domain: the prototype must still be null
+PASS Cross-origin via document.domain: setting the prototype to null via Object.setPrototypeOf should not throw
+PASS Cross-origin via document.domain: setting the prototype to null via __proto__ should throw a "SecurityError" since it ends up in CrossOriginGetOwnProperty
+PASS Cross-origin via document.domain: setting the prototype to null via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingcrossorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a Location object should not allow changing its value: cross-origin via document.domain</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#location-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="/common/domain-setter.sub.html"></iframe>
+
+<script>
+"use strict";
+// This page does *not* set document.domain, so it's cross-origin with the iframe
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const targetLocation = frames[0].location;
+ const origProto = Object.getPrototypeOf(targetLocation);
+
+ test(() => {
+ assert_equals(Object.getPrototypeOf(targetLocation), null);
+ }, "Cross-origin via document.domain: the prototype is null");
+
+ testSettingImmutablePrototype("Cross-origin via document.domain", targetLocation, origProto,
+ { isSameOriginDomain: false });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettinggoescrossorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+
+
+PASS Same-origin (for now): the prototype is accessible
+PASS Became cross-origin via document.domain: the prototype is now null
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via __proto__ should throw a "SecurityError" DOMException
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Became cross-origin via document.domain: the prototype must still be null
+PASS Became cross-origin via document.domain: setting the prototype to null via Object.setPrototypeOf should not throw
+PASS Became cross-origin via document.domain: setting the prototype to null via __proto__ should throw a "SecurityError" since it ends up in CrossOriginGetOwnProperty
+PASS Became cross-origin via document.domain: setting the prototype to null via Reflect.setPrototypeOf should return true
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via Object.setPrototypeOf should throw a TypeError
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via __proto__ should throw a "SecurityError" DOMException
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via Reflect.setPrototypeOf should return false
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettinggoescrossorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a Location object should not allow changing its value: cross-origin via document.domain after initially getting the object</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#location-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="/common/blank.html"></iframe>
+
+<script>
+"use strict";
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const targetLocation = frames[0].location;
+ const origProto = Object.getPrototypeOf(targetLocation);
+
+ test(() => {
+ assert_not_equals(origProto, null);
+ }, "Same-origin (for now): the prototype is accessible");
+
+ document.domain = "{{host}}";
+
+ test(() => {
+ assert_equals(Object.getPrototypeOf(targetLocation), null);
+ }, "Became cross-origin via document.domain: the prototype is now null");
+
+ testSettingImmutablePrototype("Became cross-origin via document.domain", targetLocation, null, { isSameOriginDomain: false });
+
+ testSettingImmutablePrototypeToNewValueOnly(
+ "Became cross-origin via document.domain", targetLocation, origProto,
+ "the original value from before going cross-origin", { isSameOriginDomain: false });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+Blocked access to external URL http://www.localhost:8801/common/domain-setter.sub.html
+
+
+PASS Same-origin-domain prerequisite check: the original prototype is accessible
+PASS Same-origin-domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Same-origin-domain: setting the prototype to an empty object via __proto__ should throw a TypeError
+PASS Same-origin-domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Same-origin-domain: the prototype must still be its original value
+PASS Same-origin-domain: setting the prototype to its original value via Object.setPrototypeOf should not throw
+PASS Same-origin-domain: setting the prototype to its original value via __proto__ should not throw
+PASS Same-origin-domain: setting the prototype to its original value via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a Location object should not allow changing its value: cross-origin, but same-origin-domain</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#location-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="//{{domains[www]}}:{{ports[http][1]}}/common/domain-setter.sub.html"></iframe>
+
+<script>
+"use strict";
+document.domain = "{{host}}";
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const targetLocation = frames[0].location;
+ const origProto = Object.getPrototypeOf(targetLocation);
+
+ test(() => {
+ assert_not_equals(origProto, null);
+ }, "Same-origin-domain prerequisite check: the original prototype is accessible");
+
+ testSettingImmutablePrototype("Same-origin-domain", targetLocation, origProto, { isSameOriginDomain: true });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+
+PASS Same-origin prerequisite check: the original prototype is accessible
+PASS Same-origin: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Same-origin: setting the prototype to an empty object via __proto__ should throw a TypeError
+PASS Same-origin: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Same-origin: the prototype must still be its original value
+PASS Same-origin: setting the prototype to its original value via Object.setPrototypeOf should not throw
+PASS Same-origin: setting the prototype to its original value via __proto__ should not throw
+PASS Same-origin: setting the prototype to its original value via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacelocationprototypesettingsameoriginhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a location object should not allow changing its value: same-origin</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#location-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<script>
+"use strict";
+
+const origProto = Object.getPrototypeOf(location);
+
+test(() => {
+ assert_not_equals(origProto, null);
+}, "Same-origin prerequisite check: the original prototype is accessible");
+
+testSettingImmutablePrototype("Same-origin", location, origProto, { isSameOriginDomain: true });
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsershistorythelocationinterfacew3cimportlog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/w3c-import.log 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -29,6 +29,10 @@
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-protocol-setter-with-colon.sub.html
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-protocol-setter.html
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting.html
</span><ins>+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html
</ins><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-stringifier.html
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-symbol-toprimitive.html
</span><span class="cx"> /LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-tojson.html
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectw3cimportlog"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/w3c-import.log 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the W3C CSS or WPT github:
+ https://github.com/w3c/csswg-test
+ https://github.com/w3c/web-platform-tests
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html
+/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+
+
+PASS Cross-origin via document.domain: the prototype is null
+PASS Cross-origin via document.domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Cross-origin via document.domain: setting the prototype to an empty object via __proto__ should throw a "SecurityError" DOMException
+PASS Cross-origin via document.domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Cross-origin via document.domain: the prototype must still be null
+PASS Cross-origin via document.domain: setting the prototype to null via Object.setPrototypeOf should not throw
+PASS Cross-origin via document.domain: setting the prototype to null via __proto__ should throw a "SecurityError" since it ends up in CrossOriginGetOwnProperty
+PASS Cross-origin via document.domain: setting the prototype to null via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,29 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a WindowProxy object should not allow changing its value: cross-origin via document.domain</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#windowproxy-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="/common/domain-setter.sub.html"></iframe>
+
+<script>
+"use strict";
+// This page does *not* set document.domain, so it's cross-origin with the iframe
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const target = frames[0];
+
+ test(() => {
+ assert_equals(Object.getPrototypeOf(target), null);
+ }, "Cross-origin via document.domain: the prototype is null");
+
+ testSettingImmutablePrototype("Cross-origin via document.domain", target, null, { isSameOriginDomain: false });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingcrossoriginsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+Blocked access to external URL http://www.localhost:8801/common/blank.html
+
+
+FAIL Cross-origin: the prototype is null assert_equals: expected null but got object "[object WindowPrototype]"
+PASS Cross-origin: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+FAIL Cross-origin: setting the prototype to an empty object via __proto__ should throw a "SecurityError" DOMException assert_throws: function "function () {
+ target.__proto__ = newValue;
+ }" threw object "TypeError: Cannot set prototype of this object" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18
+PASS Cross-origin: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+FAIL Cross-origin: the prototype must still be null assert_equals: expected null but got object "[object WindowPrototype]"
+FAIL Cross-origin: setting the prototype to null via Object.setPrototypeOf should not throw Cannot set prototype of this object
+FAIL Cross-origin: setting the prototype to null via __proto__ should throw a "SecurityError" since it ends up in CrossOriginGetOwnProperty assert_throws: function "function () {
+ target.__proto__ = newValue;
+ }" threw object "TypeError: Cannot set prototype of this object" that is not a DOMException SecurityError: property "code" is equal to undefined, expected 18
+FAIL Cross-origin: setting the prototype to null via Reflect.setPrototypeOf should return true assert_true: expected true got false
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettinggoescrossorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+
+
+PASS Same-origin (for now): the prototype is accessible
+PASS Became cross-origin via document.domain: the prototype is now null
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via __proto__ should throw a "SecurityError" DOMException
+PASS Became cross-origin via document.domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Became cross-origin via document.domain: the prototype must still be null
+PASS Became cross-origin via document.domain: setting the prototype to null via Object.setPrototypeOf should not throw
+PASS Became cross-origin via document.domain: setting the prototype to null via __proto__ should throw a "SecurityError" since it ends up in CrossOriginGetOwnProperty
+PASS Became cross-origin via document.domain: setting the prototype to null via Reflect.setPrototypeOf should return true
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via Object.setPrototypeOf should throw a TypeError
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via __proto__ should throw a "SecurityError" DOMException
+PASS Became cross-origin via document.domain: setting the prototype to the original value from before going cross-origin via Reflect.setPrototypeOf should return false
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettinggoescrossorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a WindowProxy object should not allow changing its value: cross-origin via document.domain after initially getting the object</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#windowproxy-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="/common/blank.html"></iframe>
+
+<script>
+"use strict";
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const target = frames[0];
+ const origProto = Object.getPrototypeOf(target);
+
+ test(() => {
+ assert_not_equals(origProto, null);
+ }, "Same-origin (for now): the prototype is accessible");
+
+ document.domain = "{{host}}";
+
+ test(() => {
+ assert_equals(Object.getPrototypeOf(target), null);
+ }, "Became cross-origin via document.domain: the prototype is now null");
+
+ testSettingImmutablePrototype("Became cross-origin via document.domain", target, null, { isSameOriginDomain: false });
+
+ testSettingImmutablePrototypeToNewValueOnly(
+ "Became cross-origin via document.domain", target, origProto,
+ "the original value from before going cross-origin", { isSameOriginDomain: false });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameorigindomainsubexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+Blocked access to external URL http://www.localhost:8801/common/domain-setter.sub.html
+
+
+PASS Same-origin-domain prerequisite check: the original prototype is accessible
+PASS Same-origin-domain: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Same-origin-domain: setting the prototype to an empty object via __proto__ should throw a TypeError
+PASS Same-origin-domain: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Same-origin-domain: the prototype must still be its original value
+PASS Same-origin-domain: setting the prototype to its original value via Object.setPrototypeOf should not throw
+PASS Same-origin-domain: setting the prototype to its original value via __proto__ should not throw
+PASS Same-origin-domain: setting the prototype to its original value via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameorigindomainsubhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,30 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a WindowProxy object should not allow changing its value: cross-origin, but same-origin-domain</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#windowproxy-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<iframe src="//{{domains[www]}}:{{ports[http][1]}}/common/domain-setter.sub.html"></iframe>
+
+<script>
+"use strict";
+document.domain = "{{host}}";
+setup({ explicit_done: true });
+
+window.onload = () => {
+ const target = frames[0];
+ const origProto = Object.getPrototypeOf(target);
+
+ test(() => {
+ assert_not_equals(origProto, null);
+ }, "Same-origin-domain prerequisite check: the original prototype is accessible");
+
+ testSettingImmutablePrototype("Same-origin-domain", target, origProto, { isSameOriginDomain: true });
+
+ done();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameoriginexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+
+PASS Same-origin prerequisite check: the original prototype is accessible
+PASS Same-origin: setting the prototype to an empty object via Object.setPrototypeOf should throw a TypeError
+PASS Same-origin: setting the prototype to an empty object via __proto__ should throw a TypeError
+PASS Same-origin: setting the prototype to an empty object via Reflect.setPrototypeOf should return false
+PASS Same-origin: the prototype must still be its original value
+PASS Same-origin: setting the prototype to its original value via Object.setPrototypeOf should not throw
+PASS Same-origin: setting the prototype to its original value via __proto__ should not throw
+PASS Same-origin: setting the prototype to its original value via Reflect.setPrototypeOf should return true
+
</ins></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlbrowsersthewindowproxyexoticobjectwindowproxyprototypesettingsameoriginhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html (0 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html (rev 0)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>[[SetPrototypeOf]] on a WindowProxy object should not allow changing its value: same-origin</title>
+<link rel="help" href="http://html.spec.whatwg.org/multipage/#windowproxy-setprototypeof">
+<link rel="author" title="Domenic Denicola" href="mailto:d@domenic.me">
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/test-setting-immutable-prototype.js"></script>
+
+<script>
+"use strict";
+
+const origProto = Object.getPrototypeOf(window);
+
+test(() => {
+ assert_not_equals(origProto, null);
+}, "Same-origin prerequisite check: the original prototype is accessible");
+
+testSettingImmutablePrototype("Same-origin", window, origProto, { isSameOriginDomain: true });
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsdomsetPrototypeOflocationwindowexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/js/dom/setPrototypeOf-location-window-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -4,23 +4,25 @@
</span><span class="cx">
</span><span class="cx">
</span><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><del>-PASS Object.setPrototypeOf(window, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS Object.setPrototypeOf(window, Node.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><del>-PASS protoSetter.call(window, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS protoSetter.call(window, Node.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><del>-PASS window.__proto__ = Node.prototype threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS window.__proto__ = Node.prototype threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window) is Window.prototype
</span><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><del>-PASS Object.setPrototypeOf(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS Object.setPrototypeOf(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><del>-PASS protoSetter.call(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS protoSetter.call(window.location, Node.prototype) threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><del>-PASS window.location.__proto__ = Node.prototype threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS window.location.__proto__ = Node.prototype threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS Object.getPrototypeOf(window.location) is Location.prototype
</span><ins>+PASS Object.setPrototypeOf(window, window.__proto__) did not throw exception.
+PASS Object.setPrototypeOf(window.location, window.location.__proto__) did not throw exception.
</ins><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span><span class="cx"> TEST COMPLETE
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomsetPrototypeOflocationwindowhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/js/dom/setPrototypeOf-location-window.html 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -30,6 +30,10 @@
</span><span class="cx"> shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
</span><span class="cx"> shouldThrowErrorName("window.location.__proto__ = Node.prototype", "TypeError");
</span><span class="cx"> shouldBe("Object.getPrototypeOf(window.location)", "Location.prototype");
</span><ins>+
+shouldNotThrow("Object.setPrototypeOf(window, window.__proto__)");
+shouldNotThrow("Object.setPrototypeOf(window.location, window.location.__proto__)");
+
</ins><span class="cx"> </script>
</span><span class="cx"> <script src="../../resources/js-test-post.js"></script>
</span><span class="cx"> </body>
</span></span></pre></div>
<a id="trunkLayoutTestsjsobjectliteralshorthandconstructionexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/js/object-literal-shorthand-construction-expected.txt 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -61,7 +61,7 @@
</span><span class="cx"> PASS !!Object.getOwnPropertyDescriptor({set x(value){}}, 'x').set is true
</span><span class="cx"> PASS !!Object.getOwnPropertyDescriptor({set 'x'(value){}}, 'x').set is true
</span><span class="cx"> PASS !!Object.getOwnPropertyDescriptor({set 42(value){}}, '42').set is true
</span><del>-PASS this.__proto__ = [] threw exception TypeError: Cannot set prototype of this object.
</del><ins>+PASS this.__proto__ = [] threw exception TypeError: Cannot set prototype of immutable prototype object.
</ins><span class="cx"> PASS ({__proto__: this.__proto__}) instanceof Array is false
</span><span class="cx"> PASS __proto__ = [] threw exception TypeError: Object.prototype.__proto__ called on null or undefined.
</span><span class="cx"> PASS ({__proto__: __proto__}) instanceof Array threw exception TypeError: Object.prototype.__proto__ called on null or undefined.
</span></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsprototypeassignmentjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/prototype-assignment.js (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/prototype-assignment.js 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/LayoutTests/js/script-tests/prototype-assignment.js 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -151,14 +151,7 @@
</span><span class="cx"> result.exception = CannotSetPrototypeOfImmutablePrototypeObject;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// HTML spec: 7.4.2 [[SetPrototypeOf]] ( V )
-// https://html.spec.whatwg.org/#windowproxy-setprototypeof
-function windowProxySetPrototypeOf(result, currentProto, newProto) {
- result.success = false;
- result.exception = CannotSetPrototypeOfThisObject;
-}
</del><span class="cx">
</span><del>-
</del><span class="cx"> var count = 0;
</span><span class="cx"> function initSetterExpectation(target, newProto) {
</span><span class="cx"> var targetValue = target.value();
</span><span class="lines">@@ -346,7 +339,7 @@
</span><span class="cx"> targets.push({
</span><span class="cx"> name: inBrowser ? "window" : "global",
</span><span class="cx"> value: () => global,
</span><del>- setPrototypeOf: windowProxySetPrototypeOf
</del><ins>+ setPrototypeOf: setImmutablePrototype
</ins><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx"> if (this.testWindowProtos) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/JavaScriptCore/ChangeLog 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1,3 +1,31 @@
</span><ins>+2017-03-18 Chris Dumez <cdumez@apple.com>
+
+ Allow setting the prototype of cross-origin objects, as long as they don't change
+ https://bugs.webkit.org/show_bug.cgi?id=169787
+
+ Reviewed by Mark Lam.
+
+ * runtime/JSGlobalObject.h:
+ Mark JS global object as an immutable prototype exotic object to match Window.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::setPrototypeWithCycleCheck):
+ Update setPrototypeWithCycleCheck() for immutable prototype exotic objects in order
+ to align with:
+ - https://tc39.github.io/ecma262/#sec-set-immutable-prototype
+
+ In particular, we need to call [[GetPrototypeOf]] and return true if it returns the same
+ value as the new prototype. We really need to call [[GetPrototypeOf]] and not merely
+ getting the prototype slot via getPrototypeDirect() since Location and Window override
+ [[GetPrototypeOf]] to return null in the cross-origin case.
+
+ * runtime/JSProxy.cpp:
+ (JSC::JSProxy::setPrototype):
+ Update JSProxy::setPrototype() to forward such calls to its target. This is needed so
+ we end up calling JSObject::setPrototypeWithCycleCheck() for the Window object.
+ Handling immutable prototype exotic objects in that method does the right thing for
+ Window.
+
</ins><span class="cx"> 2017-03-17 Michael Saboff <msaboff@apple.com>
</span><span class="cx">
</span><span class="cx"> Use USE_INTERNAL_SDK to compute ENABLE_FAST_JIT_PERMISSIONS instead of HAVE_INTERNAL_SDK
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -432,7 +432,7 @@
</span><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> typedef JSSegmentedVariableObject Base;
</span><del>- static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesToThis;
</del><ins>+ static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesToThis | IsImmutablePrototypeExoticObject;
</ins><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static JSGlobalObject* create(VM&, Structure*);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSObject.cpp (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSObject.cpp 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/JavaScriptCore/runtime/JSObject.cpp 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1642,14 +1642,20 @@
</span><span class="cx"> bool JSObject::setPrototypeWithCycleCheck(VM& vm, ExecState* exec, JSValue prototype, bool shouldThrowIfCantSet)
</span><span class="cx"> {
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><ins>+
+ if (this->structure(vm)->isImmutablePrototypeExoticObject()) {
+ // This implements https://tc39.github.io/ecma262/#sec-set-immutable-prototype.
+ if (this->getPrototype(vm, exec) == prototype)
+ return true;
+
+ return typeError(exec, scope, shouldThrowIfCantSet, ASCIILiteral("Cannot set prototype of immutable prototype object"));
+ }
+
</ins><span class="cx"> ASSERT(methodTable(vm)->toThis(this, exec, NotStrictMode) == this);
</span><span class="cx">
</span><span class="cx"> if (this->getPrototypeDirect() == prototype)
</span><span class="cx"> return true;
</span><span class="cx">
</span><del>- if (this->structure(vm)->isImmutablePrototypeExoticObject())
- return typeError(exec, scope, shouldThrowIfCantSet, ASCIILiteral("Cannot set prototype of immutable prototype object"));
-
</del><span class="cx"> bool isExtensible = this->isExtensible(exec);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, false);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSProxy.cpp (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSProxy.cpp 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/JavaScriptCore/runtime/JSProxy.cpp 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -158,11 +158,10 @@
</span><span class="cx"> thisObject->target()->methodTable(exec->vm())->getOwnPropertyNames(thisObject->target(), exec, propertyNames, mode);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool JSProxy::setPrototype(JSObject*, ExecState* exec, JSValue, bool shouldThrowIfCantSet)
</del><ins>+bool JSProxy::setPrototype(JSObject* object, ExecState* exec, JSValue prototype, bool shouldThrowIfCantSet)
</ins><span class="cx"> {
</span><del>- auto scope = DECLARE_THROW_SCOPE(exec->vm());
-
- return typeError(exec, scope, shouldThrowIfCantSet, ASCIILiteral("Cannot set prototype of this object"));
</del><ins>+ JSProxy* thisObject = jsCast<JSProxy*>(object);
+ return thisObject->target()->methodTable(exec->vm())->setPrototype(thisObject->target(), exec, prototype, shouldThrowIfCantSet);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSValue JSProxy::getPrototype(JSObject* object, ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/WebCore/ChangeLog 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2017-03-18 Chris Dumez <cdumez@apple.com>
+
+ Allow setting the prototype of cross-origin objects, as long as they don't change
+ https://bugs.webkit.org/show_bug.cgi?id=169787
+
+ Reviewed by Mark Lam.
+
+ Allow setting the prototype of cross-origin objects, as long as they don't change:
+ - https://html.spec.whatwg.org/multipage/browsers.html#windowproxy-setprototypeof
+ - https://html.spec.whatwg.org/multipage/browsers.html#location-setprototypeof
+ - https://tc39.github.io/ecma262/#sec-set-immutable-prototype
+
+ Tests: imported/w3c/web-platform-tests/common/domain-setter.sub.html
+ imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-cross-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-goes-cross-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/history/the-location-interface/location-prototype-setting-same-origin.html
+ imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-cross-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-goes-cross-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin-domain.sub.html
+ imported/w3c/web-platform-tests/html/browsers/the-windowproxy-exotic-object/windowproxy-prototype-setting-same-origin.html
+
+ * bindings/js/JSLocationCustom.cpp:
+ * page/Location.idl:
+ Drop custom setPrototype() implementation for Location and mark Location as an immutable
+ prototype exotic object now that JSC does the right thing for those.
+
</ins><span class="cx"> 2017-03-17 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><span class="cx"> Stop sending media data as soon as peer connection is closed
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSLocationCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -163,16 +163,6 @@
</span><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool JSLocation::setPrototype(JSObject*, ExecState* exec, JSValue, bool shouldThrowIfCantSet)
-{
- auto scope = DECLARE_THROW_SCOPE(exec->vm());
-
- if (shouldThrowIfCantSet)
- throwTypeError(exec, scope, ASCIILiteral("Cannot set prototype of this object"));
-
- return false;
-}
-
</del><span class="cx"> JSValue JSLocation::getPrototype(JSObject* object, ExecState* exec)
</span><span class="cx"> {
</span><span class="cx"> JSLocation* thisObject = jsCast<JSLocation*>(object);
</span></span></pre></div>
<a id="trunkSourceWebCorepageLocationidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Location.idl (214134 => 214135)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Location.idl 2017-03-18 04:32:10 UTC (rev 214134)
+++ trunk/Source/WebCore/page/Location.idl 2017-03-18 17:52:01 UTC (rev 214135)
</span><span class="lines">@@ -33,9 +33,9 @@
</span><span class="cx"> CustomGetPrototype,
</span><span class="cx"> CustomNamedSetter,
</span><span class="cx"> CustomPreventExtensions,
</span><del>- CustomSetPrototype,
</del><span class="cx"> CustomToStringName,
</span><span class="cx"> GenerateIsReachable=ImplFrame,
</span><ins>+ IsImmutablePrototypeExoticObject,
</ins><span class="cx"> JSCustomDefineOwnProperty,
</span><span class="cx"> JSCustomDefineOwnPropertyOnPrototype,
</span><span class="cx"> JSCustomGetOwnPropertySlotAndDescriptor,
</span></span></pre>
</div>
</div>
</body>
</html>