|
|
@@ -0,0 +1,272 @@
|
|
|
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
+From: Yuki Shiino <[email protected]>
|
|
|
+Date: Tue, 23 Aug 2022 09:18:50 +0000
|
|
|
+Subject: bindings: Add argument type checks to ObservableArray<T>
|
|
|
+
|
|
|
+Performs type checks for arguments of trap functions and throws
|
|
|
+a TypeError if a type is wrong.
|
|
|
+
|
|
|
+(cherry picked from commit 4d67bb1dbf55e2eddf513f29ac33e38e8e1d2fab)
|
|
|
+
|
|
|
+Bug: 1352549
|
|
|
+Change-Id: I66df3a9eeae5e4f44bdf714666a2c6304ebec0f5
|
|
|
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3835494
|
|
|
+Auto-Submit: Yuki Shiino <[email protected]>
|
|
|
+Reviewed-by: Kentaro Hara <[email protected]>
|
|
|
+Commit-Queue: Kentaro Hara <[email protected]>
|
|
|
+Cr-Original-Commit-Position: refs/heads/main@{#1036005}
|
|
|
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3849901
|
|
|
+Cr-Commit-Position: refs/branch-heads/5112@{#1514}
|
|
|
+Cr-Branched-From: b13d3fe7b3c47a56354ef54b221008afa754412e-refs/heads/main@{#1012729}
|
|
|
+
|
|
|
+diff --git a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_handler.h b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_handler.h
|
|
|
+index 1b31781f4b445b2dab7967b1137c28de50455623..4b17428992c66fad9f7eee1e2956f4218017fb8f 100644
|
|
|
+--- a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_handler.h
|
|
|
++++ b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_handler.h
|
|
|
+@@ -54,13 +54,17 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
+- v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
+- v8::Local<v8::Value> v8_desc_obj = info[2];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
+ ExceptionState exception_state(
|
|
|
+- isolate, ExceptionContext::Context::kNamedPropertyDefine,
|
|
|
+- backing_list.ObservableArrayNameInIDL());
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "defineProperty");
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName() && info[2]->IsObject())) {
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
++ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
++ v8::Local<v8::Object> v8_desc_obj = info[2].As<v8::Object>();
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ V8PropertyDescriptorBag desc_bag;
|
|
|
+ V8ObjectToPropertyDescriptor(isolate, v8_desc_obj, desc_bag,
|
|
|
+@@ -112,9 +116,7 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ desc.set_configurable(desc_bag.configurable);
|
|
|
+ if (desc_bag.has_enumerable)
|
|
|
+ desc.set_enumerable(desc_bag.enumerable);
|
|
|
+- if (!v8_target
|
|
|
+- ->DefineProperty(current_context, v8_property.As<v8::Name>(),
|
|
|
+- desc)
|
|
|
++ if (!v8_target->DefineProperty(current_context, v8_property, desc)
|
|
|
+ .To(&is_defined)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+@@ -124,9 +126,7 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ desc.set_configurable(desc_bag.configurable);
|
|
|
+ if (desc_bag.has_enumerable)
|
|
|
+ desc.set_enumerable(desc_bag.enumerable);
|
|
|
+- if (!v8_target
|
|
|
+- ->DefineProperty(current_context, v8_property.As<v8::Name>(),
|
|
|
+- desc)
|
|
|
++ if (!v8_target->DefineProperty(current_context, v8_property, desc)
|
|
|
+ .To(&is_defined)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+@@ -139,9 +139,16 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName())) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "deleteProperty");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ if (v8_property->IsString()) {
|
|
|
+ v8::Local<v8::Uint32> v8_index;
|
|
|
+@@ -154,7 +161,7 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ ScriptState* script_state = ScriptState::From(current_context);
|
|
|
+ ExceptionState exception_state(
|
|
|
+ isolate, ExceptionContext::Context::kIndexedPropertyDelete,
|
|
|
+- backing_list.ObservableArrayNameInIDL());
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL());
|
|
|
+ if (!RunDeleteAlgorithm(script_state, backing_list, index,
|
|
|
+ exception_state)) {
|
|
|
+ return;
|
|
|
+@@ -181,9 +188,16 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ static void TrapGet(const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName())) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "get");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ if (v8_property->IsString()) {
|
|
|
+ v8::Local<v8::Uint32> v8_index;
|
|
|
+@@ -221,9 +235,17 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName())) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(),
|
|
|
++ "getOwnPropertyDescriptor");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ if (v8_property->IsString()) {
|
|
|
+ v8::Local<v8::Uint32> v8_index;
|
|
|
+@@ -258,9 +280,7 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ }
|
|
|
+
|
|
|
+ v8::Local<v8::Value> v8_value;
|
|
|
+- if (!v8_target
|
|
|
+- ->GetOwnPropertyDescriptor(current_context,
|
|
|
+- v8_property.As<v8::Name>())
|
|
|
++ if (!v8_target->GetOwnPropertyDescriptor(current_context, v8_property)
|
|
|
+ .ToLocal(&v8_value)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+@@ -271,9 +291,16 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ static void TrapHas(const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName())) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "has");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ if (v8_property->IsString()) {
|
|
|
+ v8::Local<v8::Uint32> v8_index;
|
|
|
+@@ -300,8 +327,15 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ static void TrapOwnKeys(const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!info[0]->IsArray()) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "ownKeys");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ // 2. Let length be handler.[[BackingList]]'s size.
|
|
|
+ // 3. Let keys be an empty list.
|
|
|
+@@ -357,17 +391,24 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ static void TrapSet(const v8::FunctionCallbackInfo<v8::Value>& info) {
|
|
|
+ v8::Isolate* isolate = info.GetIsolate();
|
|
|
+ v8::Local<v8::Context> current_context = isolate->GetCurrentContext();
|
|
|
++ if (!(info[0]->IsArray() && info[1]->IsName())) {
|
|
|
++ ExceptionState exception_state(
|
|
|
++ isolate, ExceptionContext::Context::kOperationInvoke,
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "set");
|
|
|
++ exception_state.ThrowTypeError("Invalid argument.");
|
|
|
++ return;
|
|
|
++ }
|
|
|
+ v8::Local<v8::Array> v8_target = info[0].As<v8::Array>();
|
|
|
+- v8::Local<v8::Value> v8_property = info[1];
|
|
|
++ v8::Local<v8::Name> v8_property = info[1].As<v8::Name>();
|
|
|
+ v8::Local<v8::Value> v8_value = info[2];
|
|
|
+- BackingListWrappable& backing_list = ToWrappableUnsafe(isolate, v8_target);
|
|
|
++ BackingListWrappable& backing_list = ToWrappableOrDie(isolate, v8_target);
|
|
|
+
|
|
|
+ if (v8_property->IsString()) {
|
|
|
+ v8::Local<v8::Uint32> v8_index;
|
|
|
+ if (v8_property->ToArrayIndex(current_context).ToLocal(&v8_index)) {
|
|
|
+ ExceptionState exception_state(
|
|
|
+ isolate, ExceptionContext::Context::kIndexedPropertySet,
|
|
|
+- backing_list.ObservableArrayNameInIDL());
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL());
|
|
|
+ uint32_t index = v8_index->Value();
|
|
|
+ bool result =
|
|
|
+ DoSetTheIndexedValue(isolate, current_context, backing_list, index,
|
|
|
+@@ -380,7 +421,7 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ V8AtomicString(isolate, "length"))) {
|
|
|
+ ExceptionState exception_state(
|
|
|
+ isolate, ExceptionContext::Context::kAttributeSet,
|
|
|
+- backing_list.ObservableArrayNameInIDL(), "length");
|
|
|
++ BackingListWrappable::ObservableArrayNameInIDL(), "length");
|
|
|
+ bool result = DoSetTheLength(isolate, current_context, backing_list,
|
|
|
+ v8_value, exception_state);
|
|
|
+ V8SetReturnValue(info, result);
|
|
|
+@@ -431,11 +472,11 @@ class ObservableArrayExoticObjectHandler {
|
|
|
+ }
|
|
|
+
|
|
|
+ private:
|
|
|
+- static BackingListWrappable& ToWrappableUnsafe(v8::Isolate* isolate,
|
|
|
+- v8::Local<v8::Array> target) {
|
|
|
++ static BackingListWrappable& ToWrappableOrDie(v8::Isolate* isolate,
|
|
|
++ v8::Local<v8::Array> target) {
|
|
|
+ bindings::ObservableArrayBase* base =
|
|
|
+ bindings::ObservableArrayExoticObjectImpl::
|
|
|
+- ProxyTargetToObservableArrayBase(isolate, target);
|
|
|
++ ProxyTargetToObservableArrayBaseOrDie(isolate, target);
|
|
|
+ return *static_cast<BackingListWrappable*>(base);
|
|
|
+ }
|
|
|
+
|
|
|
+diff --git a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.cc b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.cc
|
|
|
+index 8672414aba480c4af3b7431e6db071a03d61569e..88c2adf501a3a3088c635c8d24215fbce787b3e5 100644
|
|
|
+--- a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.cc
|
|
|
++++ b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.cc
|
|
|
+@@ -42,7 +42,7 @@ const WrapperTypeInfo& ObservableArrayExoticObjectImpl::wrapper_type_info_ =
|
|
|
+
|
|
|
+ // static
|
|
|
+ bindings::ObservableArrayBase*
|
|
|
+-ObservableArrayExoticObjectImpl::ProxyTargetToObservableArrayBase(
|
|
|
++ObservableArrayExoticObjectImpl::ProxyTargetToObservableArrayBaseOrDie(
|
|
|
+ v8::Isolate* isolate,
|
|
|
+ v8::Local<v8::Array> v8_proxy_target) {
|
|
|
+ // See the implementation comment in ObservableArrayExoticObjectImpl::Wrap.
|
|
|
+@@ -50,6 +50,8 @@ ObservableArrayExoticObjectImpl::ProxyTargetToObservableArrayBase(
|
|
|
+ V8PrivateProperty::GetSymbol(isolate, kV8ProxyTargetToV8WrapperKey);
|
|
|
+ v8::Local<v8::Value> backing_list_wrapper =
|
|
|
+ private_property.GetOrUndefined(v8_proxy_target).ToLocalChecked();
|
|
|
++ // Crash when author script managed to pass something else other than the
|
|
|
++ // right proxy target object.
|
|
|
+ CHECK(backing_list_wrapper->IsObject());
|
|
|
+ return ToScriptWrappable(backing_list_wrapper.As<v8::Object>())
|
|
|
+ ->ToImpl<bindings::ObservableArrayBase>();
|
|
|
+diff --git a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.h b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.h
|
|
|
+index 4d262a4981c1404d9b403b0fcf4ec9d71e109bea..8c56428c40e5b0d246b45c741f8bdcbfdcfb23ee 100644
|
|
|
+--- a/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.h
|
|
|
++++ b/third_party/blink/renderer/bindings/core/v8/observable_array_exotic_object_impl.h
|
|
|
+@@ -22,7 +22,7 @@ class CORE_EXPORT ObservableArrayExoticObjectImpl final
|
|
|
+ public:
|
|
|
+ // Returns the backing list object extracted from the proxy target object
|
|
|
+ // of type JS Array.
|
|
|
+- static bindings::ObservableArrayBase* ProxyTargetToObservableArrayBase(
|
|
|
++ static bindings::ObservableArrayBase* ProxyTargetToObservableArrayBaseOrDie(
|
|
|
+ v8::Isolate* isolate,
|
|
|
+ v8::Local<v8::Array> v8_proxy_target);
|
|
|
+
|
Pedro Pontes