bool JSActivation::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { if (symbolTableGet(propertyName, slot)) return true; if (JSValue** location = getDirectLocation(propertyName)) { slot.setValueSlot(location); return true; } // Only return the built-in arguments object if it wasn't overridden above. if (propertyName == exec->propertyNames().arguments) { slot.setCustom(this, getArgumentsGetter()); return true; } // We don't call through to JSObject because there's no way to give an // activation object getter properties or a prototype. ASSERT(!m_propertyMap.hasGetterSetterProperties()); ASSERT(prototype() == jsNull()); return false; }
bool RuntimeArray::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor) { if (propertyName == exec->propertyNames().length) { PropertySlot slot; slot.setCustom(this, lengthGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } bool ok; unsigned index = propertyName.toArrayIndex(&ok); if (ok) { if (index < getLength()) { PropertySlot slot; slot.setCustomIndex(this, index, indexGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), DontDelete | DontEnum); return true; } } return JSObject::getOwnPropertyDescriptor(exec, propertyName, descriptor); }
bool JSActivation::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { JSActivation* thisObject = jsCast<JSActivation*>(cell); if (propertyName == exec->propertyNames().arguments) { slot.setCustom(thisObject, thisObject->getArgumentsGetter()); return true; } if (thisObject->symbolTableGet(propertyName, slot)) return true; if (WriteBarrierBase<Unknown>* location = thisObject->getDirectLocation(exec->globalData(), propertyName)) { slot.setValue(location->get()); return true; } // We don't call through to JSObject because there's no way to give an // activation object getter properties or a prototype. ASSERT(!thisObject->hasGetterSetterProperties()); ASSERT(thisObject->prototype().isNull()); return false; }
bool ArrayInstance::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { if (propertyName == exec->propertyNames().length) { slot.setCustom(this, lengthGetter); return true; } bool ok; unsigned index = propertyName.toArrayIndex(&ok); if (ok) { if (index >= length) return false; if (index < storageLength) { JSValue *v = storage[index]; if (!v) return false; slot.setValueSlot(this, &storage[index]); return true; } } return JSObject::getOwnPropertySlot(exec, propertyName, slot); }
bool JSDOMWindowBase::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (impl()->frame()->tree()->child(propertyName)) { slot.setCustom(this, childFrameGetter); return true; } const HashEntry* entry = JSDOMWindowBaseTable.entry(exec, propertyName); if (entry) { if (entry->attributes() & Function) { if (entry->function() == windowProtoFuncShowModalDialog) { if (!canShowModalDialog(impl()->frame())) return false; } if (allowsAccessFrom(exec)) setUpStaticFunctionSlot(exec, entry, this, propertyName, slot); else slot.setUndefined(); } else slot.setCustom(this, entry->propertyGetter()); return true; } // Do prototype lookup early so that functions and attributes in the prototype can have // precedence over the index and name getters. JSValuePtr proto = prototype(); if (proto->isObject()) { if (asObject(proto)->getPropertySlot(exec, propertyName, slot)) { if (!allowsAccessFrom(exec)) slot.setUndefined(); return true; } } // FIXME: Search the whole frame hierachy somewhere around here. // We need to test the correct priority order. // allow window[1] or parent[1] etc. (#56983) bool ok; unsigned i = propertyName.toArrayIndex(&ok); if (ok && i < impl()->frame()->tree()->childCount()) { slot.setCustomIndex(this, i, indexGetter); return true; } if (!allowsAccessFrom(exec)) { slot.setUndefined(); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = impl()->frame()->document(); if (document && document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = AtomicString::find(propertyName); if (atomicPropertyName && (static_cast<HTMLDocument*>(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) { slot.setCustom(this, namedItemGetter); return true; } } return Base::getOwnPropertySlot(exec, propertyName, slot); }
static bool jsDOMWindowGetOwnPropertySlotRestrictedAccess(JSDOMWindow* thisObject, Frame* frame, ExecState* exec, PropertyName propertyName, PropertySlot& slot, const String& errorMessage) { VM& vm = exec->vm(); auto scope = DECLARE_THROW_SCOPE(vm); // We don't want any properties other than "close" and "closed" on a frameless window // (i.e. one whose page got closed, or whose iframe got removed). // FIXME: This handling for frameless windows duplicates similar behaviour for cross-origin // access below; we should try to find a way to merge the two. if (!frame) { if (propertyName == exec->propertyNames().closed) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, jsDOMWindowClosed); return true; } if (propertyName == exec->propertyNames().close) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>); return true; } // FIXME: We should have a message here that explains why the property access/function call was // not allowed. slot.setUndefined(); return true; } // These are the functions we allow access to cross-origin (DoNotCheckSecurity in IDL). // Always provide the original function, on a fresh uncached function object. if (propertyName == exec->propertyNames().blur) { slot.setCustom(thisObject, ReadOnly | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionBlur, 0>); return true; } if (propertyName == exec->propertyNames().close) { slot.setCustom(thisObject, ReadOnly | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>); return true; } if (propertyName == exec->propertyNames().focus) { slot.setCustom(thisObject, ReadOnly | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionFocus, 0>); return true; } if (propertyName == exec->propertyNames().postMessage) { slot.setCustom(thisObject, ReadOnly | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>); return true; } // When accessing cross-origin known Window properties, we always use the original property getter, // even if the property was removed / redefined. As of early 2016, this matches Firefox and Chrome's // behavior. if (auto* entry = JSDOMWindow::info()->staticPropHashTable->entry(propertyName)) { // Only allow access to these specific properties. if (propertyName == exec->propertyNames().location || propertyName == exec->propertyNames().closed || propertyName == exec->propertyNames().length || propertyName == exec->propertyNames().self || propertyName == exec->propertyNames().window || propertyName == exec->propertyNames().frames || propertyName == exec->propertyNames().opener || propertyName == exec->propertyNames().parent || propertyName == exec->propertyNames().top) { bool shouldExposeSetter = propertyName == exec->propertyNames().location; CustomGetterSetter* customGetterSetter = CustomGetterSetter::create(vm, entry->propertyGetter(), shouldExposeSetter ? entry->propertyPutter() : nullptr); slot.setCustomGetterSetter(thisObject, DontEnum | CustomAccessor, customGetterSetter); return true; } // For any other entries in the static property table, deny access. (Early return also prevents // named getter from returning frames with matching names - this seems a little questionable, see // FIXME comment on prototype search below.) throwSecurityError(*exec, scope, errorMessage); slot.setUndefined(); return true; } // Check for child frames by name before built-in properties to match Mozilla. This does // not match IE, but some sites end up naming frames things that conflict with window // properties that are in Moz but not IE. Since we have some of these, we have to do it // the Moz way. if (auto* scopedChild = frame->tree().scopedChild(propertyNameToAtomicString(propertyName))) { slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, toJS(exec, scopedChild->document()->domWindow())); return true; } throwSecurityError(*exec, scope, errorMessage); slot.setUndefined(); return true; }
bool JSDOMWindow::getOwnPropertyDescriptor(ExecState* exec, const Identifier& propertyName, PropertyDescriptor& descriptor) { // Never allow cross-domain getOwnPropertyDescriptor if (!allowsAccessFrom(exec)) return false; const HashEntry* entry; // We don't want any properties other than "close" and "closed" on a closed window. if (!impl()->frame()) { // The following code is safe for cross-domain and same domain use. // It ignores any custom properties that might be set on the DOMWindow (including a custom prototype). entry = s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && !(entry->attributes() & Function) && entry->propertyGetter() == jsDOMWindowClosed) { descriptor.setDescriptor(jsBoolean(true), ReadOnly | DontDelete | DontEnum); return true; } entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && (entry->attributes() & Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) { PropertySlot slot; slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } descriptor.setUndefined(); return true; } entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry) { PropertySlot slot; slot.setCustom(this, entry->propertyGetter()); descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes()); return true; } // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (impl()->frame()->tree()->child(identifierToAtomicString(propertyName))) { PropertySlot slot; slot.setCustom(this, childFrameGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } bool ok; unsigned i = propertyName.toArrayIndex(ok); if (ok && i < impl()->frame()->tree()->childCount()) { PropertySlot slot; slot.setCustomIndex(this, i, indexGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = impl()->frame()->document(); if (document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName); if (atomicPropertyName && (static_cast<HTMLDocument*>(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) { PropertySlot slot; slot.setCustom(this, namedItemGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } } return Base::getOwnPropertyDescriptor(exec, propertyName, descriptor); }
bool JSDOMWindow::getOwnPropertySlot(ExecState* exec, const Identifier& propertyName, PropertySlot& slot) { // When accessing a Window cross-domain, functions are always the native built-in ones, and they // are not affected by properties changed on the Window or anything in its prototype chain. // This is consistent with the behavior of Firefox. const HashEntry* entry; // We don't want any properties other than "close" and "closed" on a closed window. if (!impl()->frame()) { // The following code is safe for cross-domain and same domain use. // It ignores any custom properties that might be set on the DOMWindow (including a custom prototype). entry = s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && !(entry->attributes() & Function) && entry->propertyGetter() == jsDOMWindowClosed) { slot.setCustom(this, entry->propertyGetter()); return true; } entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && (entry->attributes() & Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) { slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); return true; } // FIXME: We should have a message here that explains why the property access/function call was // not allowed. slot.setUndefined(); return true; } // We need to check for cross-domain access here without printing the generic warning message // because we always allow access to some function, just different ones depending whether access // is allowed. String errorMessage; bool allowsAccess = allowsAccessFrom(exec, errorMessage); // Look for overrides before looking at any of our own properties, but ignore overrides completely // if this is cross-domain access. if (allowsAccess && JSGlobalObject::getOwnPropertySlot(exec, propertyName, slot)) return true; // We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the // prototype due to the blanket same origin (allowsAccessFrom) check at the end of getOwnPropertySlot. // Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of // what prototype is actually set on this object. entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry) { if (entry->attributes() & Function) { if (entry->function() == jsDOMWindowPrototypeFunctionBlur) { if (!allowsAccess) { slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionBlur, 0>); return true; } } else if (entry->function() == jsDOMWindowPrototypeFunctionClose) { if (!allowsAccess) { slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); return true; } } else if (entry->function() == jsDOMWindowPrototypeFunctionFocus) { if (!allowsAccess) { slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionFocus, 0>); return true; } } else if (entry->function() == jsDOMWindowPrototypeFunctionPostMessage) { if (!allowsAccess) { slot.setCustom(this, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionPostMessage, 2>); return true; } } else if (entry->function() == jsDOMWindowPrototypeFunctionShowModalDialog) { if (!DOMWindow::canShowModalDialog(impl()->frame())) { slot.setUndefined(); return true; } } } } else { // Allow access to toString() cross-domain, but always Object.prototype.toString. if (propertyName == exec->propertyNames().toString) { if (!allowsAccess) { slot.setCustom(this, objectToStringFunctionGetter); return true; } } } entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry) { slot.setCustom(this, entry->propertyGetter()); return true; } // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (impl()->frame()->tree()->child(identifierToAtomicString(propertyName))) { slot.setCustom(this, childFrameGetter); return true; } // Do prototype lookup early so that functions and attributes in the prototype can have // precedence over the index and name getters. JSValue proto = prototype(); if (proto.isObject()) { if (asObject(proto)->getPropertySlot(exec, propertyName, slot)) { if (!allowsAccess) { printErrorMessage(errorMessage); slot.setUndefined(); } return true; } } // FIXME: Search the whole frame hierarchy somewhere around here. // We need to test the correct priority order. // allow window[1] or parent[1] etc. (#56983) bool ok; unsigned i = propertyName.toArrayIndex(ok); if (ok && i < impl()->frame()->tree()->childCount()) { slot.setCustomIndex(this, i, indexGetter); return true; } if (!allowsAccess) { printErrorMessage(errorMessage); slot.setUndefined(); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = impl()->frame()->document(); if (document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName); if (atomicPropertyName && (static_cast<HTMLDocument*>(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) { slot.setCustom(this, namedItemGetter); return true; } } return Base::getOwnPropertySlot(exec, propertyName, slot); }
bool JSDOMWindow::getOwnPropertyDescriptor(JSObject* object, ExecState* exec, PropertyName propertyName, PropertyDescriptor& descriptor) { JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); // Never allow cross-domain getOwnPropertyDescriptor if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->impl())) return false; const HashEntry* entry; // We don't want any properties other than "close" and "closed" on a closed window. if (!thisObject->impl()->frame()) { // The following code is safe for cross-domain and same domain use. // It ignores any custom properties that might be set on the DOMWindow (including a custom prototype). entry = s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && !(entry->attributes() & JSC::Function) && entry->propertyGetter() == jsDOMWindowClosed) { descriptor.setDescriptor(jsBoolean(true), ReadOnly | DontDelete | DontEnum); return true; } entry = JSDOMWindowPrototype::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry && (entry->attributes() & JSC::Function) && entry->function() == jsDOMWindowPrototypeFunctionClose) { PropertySlot slot; slot.setCustom(thisObject, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } descriptor.setUndefined(); return true; } entry = JSDOMWindow::s_info.propHashTable(exec)->entry(exec, propertyName); if (entry) { PropertySlot slot; slot.setCustom(thisObject, entry->propertyGetter()); descriptor.setDescriptor(slot.getValue(exec, propertyName), entry->attributes()); return true; } // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (thisObject->impl()->frame()->tree()->scopedChild(propertyNameToAtomicString(propertyName))) { PropertySlot slot; slot.setCustom(thisObject, childFrameGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } unsigned i = propertyName.asIndex(); if (i < thisObject->impl()->frame()->tree()->scopedChildCount()) { ASSERT(i != PropertyName::NotAnIndex); PropertySlot slot; slot.setCustomIndex(thisObject, i, indexGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = thisObject->impl()->frame()->document(); if (document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName); if (atomicPropertyName && (toHTMLDocument(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) { PropertySlot slot; slot.setCustom(thisObject, namedItemGetter); descriptor.setDescriptor(slot.getValue(exec, propertyName), ReadOnly | DontDelete | DontEnum); return true; } } return Base::getOwnPropertyDescriptor(thisObject, exec, propertyName, descriptor); }
bool JSDOMWindow::getOwnPropertySlotByIndex(JSCell* cell, ExecState* exec, unsigned index, PropertySlot& slot) { JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell); if (!thisObject->impl()->frame()) { // FIXME: We should have a message here that explains why the property access/function call was // not allowed. slot.setUndefined(); return true; } // We need to check for cross-domain access here without printing the generic warning message // because we always allow access to some function, just different ones depending whether access // is allowed. String errorMessage; bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage); // Look for overrides before looking at any of our own properties, but ignore overrides completely // if this is cross-domain access. if (allowsAccess && JSGlobalObject::getOwnPropertySlotByIndex(thisObject, exec, index, slot)) return true; PropertyName propertyName = Identifier::from(exec, index); // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (thisObject->impl()->frame()->tree()->scopedChild(propertyNameToAtomicString(propertyName))) { slot.setCustom(thisObject, childFrameGetter); return true; } // Do prototype lookup early so that functions and attributes in the prototype can have // precedence over the index and name getters. JSValue proto = thisObject->prototype(); if (proto.isObject()) { if (asObject(proto)->getPropertySlot(exec, index, slot)) { if (!allowsAccess) { thisObject->printErrorMessage(errorMessage); slot.setUndefined(); } return true; } } // FIXME: Search the whole frame hierarchy somewhere around here. // We need to test the correct priority order. // allow window[1] or parent[1] etc. (#56983) if (index < thisObject->impl()->frame()->tree()->scopedChildCount()) { ASSERT(index != PropertyName::NotAnIndex); slot.setCustomIndex(thisObject, index, indexGetter); return true; } if (!allowsAccess) { thisObject->printErrorMessage(errorMessage); slot.setUndefined(); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = thisObject->impl()->frame()->document(); if (document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName); if (atomicPropertyName && (toHTMLDocument(document)->hasNamedItem(atomicPropertyName) || document->hasElementWithId(atomicPropertyName))) { slot.setCustom(thisObject, namedItemGetter); return true; } } return Base::getOwnPropertySlotByIndex(thisObject, exec, index, slot); }
bool JSDOMWindow::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot) { JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); // When accessing a Window cross-domain, functions are always the native built-in ones, and they // are not affected by properties changed on the Window or anything in its prototype chain. // This is consistent with the behavior of Firefox. // We don't want any properties other than "close" and "closed" on a frameless window (i.e. one whose page got closed, // or whose iframe got removed). // FIXME: This doesn't fully match Firefox, which allows at least toString in addition to those. if (!thisObject->impl().frame()) { // The following code is safe for cross-domain and same domain use. // It ignores any custom properties that might be set on the DOMWindow (including a custom prototype). if (propertyName == exec->propertyNames().closed) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, jsDOMWindowClosed); return true; } if (propertyName == exec->propertyNames().close) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); return true; } // FIXME: We should have a message here that explains why the property access/function call was // not allowed. slot.setUndefined(); return true; } else slot.setWatchpointSet(thisObject->m_windowCloseWatchpoints); // We need to check for cross-domain access here without printing the generic warning message // because we always allow access to some function, just different ones depending whether access // is allowed. String errorMessage; bool allowsAccess = shouldAllowAccessToDOMWindow(exec, thisObject->impl(), errorMessage); // Look for overrides before looking at any of our own properties, but ignore overrides completely // if this is cross-domain access. if (allowsAccess && JSGlobalObject::getOwnPropertySlot(thisObject, exec, propertyName, slot)) return true; // We need this code here because otherwise JSDOMWindowBase will stop the search before we even get to the // prototype due to the blanket same origin (shouldAllowAccessToDOMWindow) check at the end of getOwnPropertySlot. // Also, it's important to get the implementation straight out of the DOMWindow prototype regardless of // what prototype is actually set on this object. if (propertyName == exec->propertyNames().blur) { if (!allowsAccess) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionBlur, 0>); return true; } } else if (propertyName == exec->propertyNames().close) { if (!allowsAccess) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionClose, 0>); return true; } } else if (propertyName == exec->propertyNames().focus) { if (!allowsAccess) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionFocus, 0>); return true; } } else if (propertyName == exec->propertyNames().postMessage) { if (!allowsAccess) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowPrototypeFunctionPostMessage, 2>); return true; } } else if (propertyName == exec->propertyNames().showModalDialog) { if (!DOMWindow::canShowModalDialog(thisObject->impl().frame())) { slot.setUndefined(); return true; } } else if (propertyName == exec->propertyNames().toString) { // Allow access to toString() cross-domain, but always Object.prototype.toString. if (!allowsAccess) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, objectToStringFunctionGetter); return true; } } const HashTableValue* entry = JSDOMWindow::info()->propHashTable(exec)->entry(exec, propertyName); if (entry) { slot.setCacheableCustom(thisObject, allowsAccess ? entry->attributes() : ReadOnly | DontDelete | DontEnum, entry->propertyGetter()); return true; } #if ENABLE(USER_MESSAGE_HANDLERS) if (propertyName == exec->propertyNames().webkit && thisObject->impl().shouldHaveWebKitNamespaceForWorld(thisObject->world())) { slot.setCacheableCustom(thisObject, allowsAccess ? DontDelete | ReadOnly : ReadOnly | DontDelete | DontEnum, jsDOMWindowWebKit); return true; } #endif // Do prototype lookup early so that functions and attributes in the prototype can have // precedence over the index and name getters. JSValue proto = thisObject->prototype(); if (proto.isObject()) { if (asObject(proto)->getPropertySlot(exec, propertyName, slot)) { if (!allowsAccess) { thisObject->printErrorMessage(errorMessage); slot.setUndefined(); } return true; } } // After this point it is no longer valid to cache any results because of // the impure nature of the property accesses which follow. We can move this // statement further down when we add ways to mitigate these impurities with, // for example, watchpoints. slot.disableCaching(); // Check for child frames by name before built-in properties to // match Mozilla. This does not match IE, but some sites end up // naming frames things that conflict with window properties that // are in Moz but not IE. Since we have some of these, we have to do // it the Moz way. if (thisObject->impl().frame()->tree().scopedChild(propertyNameToAtomicString(propertyName))) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, childFrameGetter); return true; } // FIXME: Search the whole frame hierarchy somewhere around here. // We need to test the correct priority order. // allow window[1] or parent[1] etc. (#56983) unsigned i = propertyName.asIndex(); if (i < thisObject->impl().frame()->tree().scopedChildCount()) { ASSERT(i != PropertyName::NotAnIndex); slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, toJS(exec, thisObject->impl().frame()->tree().scopedChild(i)->document()->domWindow())); return true; } if (!allowsAccess) { thisObject->printErrorMessage(errorMessage); slot.setUndefined(); return true; } // Allow shortcuts like 'Image1' instead of document.images.Image1 Document* document = thisObject->impl().frame()->document(); if (document->isHTMLDocument()) { AtomicStringImpl* atomicPropertyName = findAtomicString(propertyName); if (atomicPropertyName && toHTMLDocument(document)->hasWindowNamedItem(*atomicPropertyName)) { slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, namedItemGetter); return true; } } return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot); }