[Webkit-unassigned] [Bug 94676] New: Object.freeze(window) throws SECURITY_ERR DOM Exception

Wed Aug 22 00:47:38 PDT 2012

https://bugs.webkit.org/show_bug.cgi?id=94676

           Summary: Object.freeze(window) throws SECURITY_ERR DOM
                    Exception
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://webreflection.blogspot.com/2012/08/a-safer-js-e
                    nvironment.html
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: andrea.giammarchi at gmail.com

As discussed in my blog post linked in the URL, a procedure that could ensure an absolutely free from gobal pollution, undefined redefinition, native constructors wrappers, on and on, in order to add a strict and safer environment in any JavaScript webpage sandbox, throws (hilariously) a SECURITY_ERR DOM Exception #18.

Firefox, node.js, and even Safari and Chrome freeze the window/global context as expected ( latter two then produces false positive in Object.isFrozen(window) check returning always false)

Opera seems to have same issue here and not sure if that's because of the special "opera" property in the globe context.

REPRODUCE:

Object.freeze(window);
// or
Object.freeze(this);

// throws "SECURITY_ERR: DOM Exception 18"

So now you know :-)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.