• barraclough@apple.com's avatar
    Source/JavaScriptCore: https://bugs.webkit.org/show_bug.cgi?id=120034 · 04551430
    barraclough@apple.com authored
    Remove custom getOwnPropertyDescriptor for global objects
    
    Reviewed by Geoff Garen.
    
    Fix attributes of JSC SynbolTableObject entries, ensure that cross frame access is safe, and suppress prototype chain walk.
    
    * runtime/JSGlobalObject.cpp:
        - Remove custom getOwnPropertyDescriptor implementation.
    * runtime/JSSymbolTableObject.h:
    (JSC::symbolTableGet):
        - The symbol table does not store the DontDelete attribute, we should be adding it back in.
    * runtime/PropertyDescriptor.h:
        - JSDOMWindow walks the prototype chain on own access. This is bad, but for now workaround for the getOwnPropertyDescriptor case.
    * runtime/PropertySlot.h:
    (JSC::PropertySlot::setUndefined):
        - This is used by WebCore when blocking access to properties on cross-frame access.
          Mark blocked properties as read-only, non-configurable to prevent defineProperty.
    
    Source/WebCore: <https://webkit.org/b/120041> Remove superfluous min calls in RenderBlock::computeOverflow
    
    Patch by Ryosuke Niwa <rniwa@webkit.org> on 2013-08-19
    Reviewed by Simon Fraser.
    
    Merge https://chromium.googlesource.com/chromium/blink/+/29cad35d6b4642804e6b7c1a30f0b4435dd7a71d
    
    They are contained in an "if" statement that ensures that textIndent < 0 and so the min will never be 0.
    
    * rendering/RenderBlock.cpp:
    (WebCore::RenderBlock::computeOverflow):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154313 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    04551430
JSGlobalObject.cpp 41.8 KB