    `localStorage.setItem` can overwrite `localStorage` methods · 3868bff6
    benm@google.com authored
    https://bugs.webkit.org/show_bug.cgi?id=30996
    
    Source/WebCore:
    
    Update the JSC and V8 bindings such that if the name of the DOM
    Storage property being retrieved is a match for a property in the
    prototype, always return the prototype version. If there is a DOM
    Storage key of the same name, it can still be retrieved via the
    getItem method. This prevents storage methods from being
    accidentally hidden. This brings WebKit behavior in line with the
    de facto standard implemented by Firefox and IE.
    
    Reviewed by Kentaro Hara.
    
    Test: storage/domstorage/storage-functions-not-overwritten.html
    
    * bindings/js/JSStorageCustom.cpp:
    (WebCore::JSStorage::nameGetter):
    * bindings/v8/custom/V8StorageCustom.cpp:
    (WebCore::V8Storage::namedPropertyGetter):
    
    LayoutTests:
    
    Add a test to verify that setting a DOM Storage key with the same name
    as a function on the Storage object does not prevent that function
    being called, but also that it can still be retrieved via the getItem
    function.
    
    Reviewed by Kentaro Hara.
    
    * storage/domstorage/script-tests/storage-functions-not-overwritten.js: Added.
    (doWedgeThySelf):
    (testStorage):
    (runTest):
    * storage/domstorage/storage-functions-not-overwritten-expected.txt: Added.
    * storage/domstorage/storage-functions-not-overwritten.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114427 268f45cc-cd09-0410-ab3c-d52691b4dbfc
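The lookup rule the commit describes, modelled as an added example (not WebKit's bindings code) with a Proxy over a minimal Storage-like object: `makeStorage(true)` follows the fixed rule (a name that exists on the prototype always resolves to the prototype member, and the stored key remains reachable through `getItem`), while `makeStorage(false)` reproduces the earlier behaviour in which a stored key shadows the method. Names such as `makeStorage` and `probe` are this example's own.

```javascript
// Added example: a Storage-like object whose named-property lookup follows
// either the pre-fix rule (stored key wins) or the fixed rule (prototype wins).
function makeStorage(preferPrototype) {
  const items = new Map(); // backing store for the DOM Storage key/value pairs
  // Methods and `length` live on the prototype, as on Storage.prototype in a browser.
  const proto = {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)); },
    removeItem: (key) => { items.delete(key); },
    clear: () => { items.clear(); },
    get length() { return items.size; },
  };
  const target = Object.create(proto);
  return new Proxy(target, {
    get(obj, prop, receiver) {
      if (typeof prop === 'string') {
        // Fixed rule: a name found on the prototype is never answered from storage.
        if (preferPrototype && prop in proto) return Reflect.get(obj, prop, receiver);
        // Named getter: a stored key of that name is returned as the property value.
        if (items.has(prop)) return items.get(prop);
      }
      return Reflect.get(obj, prop, receiver);
    },
    // Assignment `storage.foo = 'bar'` stores a key, as the DOM named setter does.
    set(obj, prop, value) {
      if (typeof prop === 'string') { items.set(prop, String(value)); return true; }
      return Reflect.set(obj, prop, value);
    },
  });
}

// Stores a key named after a Storage method and reports whether the method
// survived and whether the stored value is still reachable via getItem.
function probe(preferPrototype) {
  const s = makeStorage(preferPrototype);
  s.setItem('getItem', 'shadowed'); // constructed input: key collides with a method name
  const canCall = typeof s.getItem === 'function';
  const viaGetItem = canCall ? s.getItem('getItem') : undefined;
  return { canCall, viaGetItem, length: s.length };
}
```

With the fixed rule `probe(true)` reports the method as still callable and `getItem('getItem')` returning the stored string; with the old rule `probe(false)` reports the method as replaced by that string.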