diff options
| author | ager@google.com <ager@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-04 13:02:55 +0000 |
|---|---|---|
| committer | ager@google.com <ager@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-04 13:02:55 +0000 |
| commit | 8c24781522df3715ba67507cf39749e487357fe6 (patch) | |
| tree | 245279b18d125aa10531928bb5105483f81a0efa /webkit/port/page | |
| parent | 227b893438d86342020ee9b4a7cbf17b03d4452b (diff) | |
| download | chromium_src-8c24781522df3715ba67507cf39749e487357fe6.zip chromium_src-8c24781522df3715ba67507cf39749e487357fe6.tar.gz chromium_src-8c24781522df3715ba67507cf39749e487357fe6.tar.bz2 | |
Fix two issues with window.location:
- Disallow shadowing of window.location using __defineGetter__ and
__defineSetter__.
- Make sure that funtions such as toString on location objects cannot
be overwritten by user functions.
This needs V8 revision 656. This will be put back once we have pushed
that version.
Review URL: http://codereview.chromium.org/8737
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@4598 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/port/page')
| -rw-r--r-- | webkit/port/page/DOMWindow.idl | 2 | ||||
| -rw-r--r-- | webkit/port/page/Location.idl | 12 |
2 files changed, 8 insertions, 6 deletions
diff --git a/webkit/port/page/DOMWindow.idl b/webkit/port/page/DOMWindow.idl index c6f51f3..a0a94b2 100644 --- a/webkit/port/page/DOMWindow.idl +++ b/webkit/port/page/DOMWindow.idl @@ -52,7 +52,7 @@ module window { attribute [Replaceable] BarInfo toolbar; attribute [Replaceable] Navigator navigator; attribute [Replaceable, v8referenceattr=navigator] Navigator clientInformation; - attribute [DoNotCheckDomainSecurity, CustomSetter] Location location; + attribute [DoNotCheckDomainSecurity, CustomSetter, v8ProhibitsOverwriting] Location location; DOMSelection getSelection(); diff --git a/webkit/port/page/Location.idl b/webkit/port/page/Location.idl index 473522a..092b81d 100644 --- a/webkit/port/page/Location.idl +++ b/webkit/port/page/Location.idl @@ -13,10 +13,12 @@ module core { attribute DOMString protocol; attribute DOMString search; - [DoNotCheckDomainSecurity] void reload(in boolean forceget); - [DoNotCheckDomainSecurity] void replace(in DOMString url); - [DoNotCheckDomainSecurity] void assign(in DOMString url); - - [DontEnum] DOMString toString(); + // For security reasons, these functions are on the instance + // instead of on the prototype object to insure that they cannot + // be overwritten. + [DoNotCheckDomainSecurity, v8OnInstance] void reload(in boolean forceget); + [DoNotCheckDomainSecurity, v8OnInstance] void replace(in DOMString url); + [DoNotCheckDomainSecurity, v8OnInstance] void assign(in DOMString url); + [ReadOnly, DontEnum, v8OnInstance] DOMString toString(); }; } |