Skip to content

Commit b217434

Browse files
t2ymt2ym
committed
[demo][acl] Fix #229. Exclude multiple ACLs for global object properties
1 parent 1d59416 commit b217434

5 files changed

+67
-8
lines changed

demo/hook-callback.js

+12-6
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,7 @@ Copyright (c) 2017, Tetsuya Mori <[email protected]>. All rights reserved.
5959
}
6060
var _globalMethods = new Map();
6161
const excludedGlobalProperties = { isSecureContext: true };
62+
const mainGlobalObjectName = typeof window === 'object' ? 'window' : 'self';
6263
Object.entries(Object.getOwnPropertyDescriptors(_global))
6364
.filter(([name, desc]) => desc.get && desc.set && desc.configurable &&
6465
(name.startsWith('on') ||
@@ -71,12 +72,12 @@ Copyright (c) 2017, Tetsuya Mori <[email protected]>. All rights reserved.
7172
var _globalObjects = Object.keys(_globalPropertyDescriptors)
7273
.sort()
7374
.reduce((acc, curr) => {
74-
const globalObjectNames = ['_global', 'frames', 'top', 'global', 'self', 'window'];
75+
const globalObjectNames = ['_global', 'frames', 'top', 'global', 'self', 'window', 'parent'];
7576
//const globalProperties = { history: true, navigator: true, applicationCache: true, crypto: true, localStorage: true, indexedDB: true, caches: true, sessionStorage: true, document: true };
7677
if (_globalPropertyDescriptors[curr].value && typeof _globalPropertyDescriptors[curr].value !== 'number') {
7778
let existing = acc.get(_globalPropertyDescriptors[curr].value);
7879
if (globalObjectNames.indexOf(curr) >= 0) {
79-
if (globalObjectNames.indexOf(existing) < globalObjectNames.indexOf(curr)) {
80+
if (curr === mainGlobalObjectName) {
8081
acc.set(_globalPropertyDescriptors[curr].value, curr);
8182
let properties = Object.getOwnPropertyDescriptors(_globalPropertyDescriptors[curr].value);
8283
let prop;
@@ -109,7 +110,7 @@ Copyright (c) 2017, Tetsuya Mori <[email protected]>. All rights reserved.
109110
else if (_globalPropertyDescriptors[curr].get && typeof _globalPropertyDescriptors[curr].get === 'function' && _global[curr] /*&& !_globalPropertyDescriptors[curr].set*/) {
110111
let existing = acc.get(_global[curr]);
111112
if (globalObjectNames.indexOf(curr) >= 0) {
112-
if (globalObjectNames.indexOf(existing) < globalObjectNames.indexOf(curr)) {
113+
if (curr === mainGlobalObjectName) {
113114
if (_global[curr]) {
114115
acc.set(_global[curr], curr);
115116
let properties = Object.getOwnPropertyDescriptors(_global[curr]);
@@ -950,8 +951,13 @@ Copyright (c) 2017, Tetsuya Mori <[email protected]>. All rights reserved.
950951
__unexpected_access_to_hook_alias_object__: '---',
951952
hook: '---',
952953
$hook$: '---',
953-
// blacklist properties
954-
window: {
954+
top: 'r--',
955+
parent: 'r--',
956+
frames: 'r--',
957+
global: 'r--',
958+
self: 'r--',
959+
_global: 'r--',
960+
[mainGlobalObjectName]: { // overwrite self: in worker threads
955961
[S_OBJECT]: 'r--',
956962
[S_DEFAULT]: Policy.avoidGlobalClone(),
957963
[S_ALL]: '---',
@@ -3507,7 +3513,7 @@ Copyright (c) 2017, Tetsuya Mori <[email protected]>. All rights reserved.
35073513
'hookBenchmark',
35083514
].forEach(n => {
35093515
Object.assign(acl, { [n]: '---' });
3510-
Object.assign(acl.window, { [n]: '---' });
3516+
Object.assign(acl[mainGlobalObjectName], { [n]: '---' });
35113517
});
35123518
const chainAcl = function chainAcl(_acl, path = [ [_acl, 'acl'] ]) {
35133519
let properties = Object.getOwnPropertySymbols(_acl).concat(Object.getOwnPropertyNames(_acl));

demo/index.html

+1-1
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
<html lang="en">
1616
<head>
1717
<meta charset="utf-8">
18-
<script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=b3a506717268e34c304472cb49f42b8c809b783026b86a0ca6728f2ed690bf67,8096ea73fa88cb60353c8741b8bd41d044fbfc6750e318909f938ea65e64d574,b08b09b3cb1ff096c2117b133d38d848a0b486499e93fbd17b2f3ebf05f0c905,de5407e69386ad2e9aac39e5bc621ba098bd5b5678b0226696a895fc777cad79,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
18+
<script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=b3a506717268e34c304472cb49f42b8c809b783026b86a0ca6728f2ed690bf67,f724e8c53cb2373b28607e1e1c2e8acf372270f03721c3fb529b095256a3dce6,b08b09b3cb1ff096c2117b133d38d848a0b486499e93fbd17b2f3ebf05f0c905,de5407e69386ad2e9aac39e5bc621ba098bd5b5678b0226696a895fc777cad79,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
1919
<script context-generator src="no-hook-authorization.js?no-hook=true"></script>
2020
<script context-generator src="context-generator.js?no-hook=true"></script>
2121
<script context-generator no-hook>

demo/normalize.js

+41
Original file line numberDiff line numberDiff line change
@@ -1821,6 +1821,47 @@
18211821
navigator.language; // acl.DummyContainer.navigator.language is applied to global navigator
18221822
}, /^Permission Denied:/);
18231823

1824+
// global objects
1825+
chai.assert.throws(() => {
1826+
_global = undefined;
1827+
}, /^Permission Denied:/);
1828+
1829+
chai.assert.throws(() => {
1830+
frames = undefined;
1831+
}, /^Permission Denied:/);
1832+
1833+
chai.assert.throws(() => {
1834+
top = undefined;
1835+
}, /^Permission Denied:/);
1836+
1837+
chai.assert.throws(() => {
1838+
self = undefined;
1839+
}, /^Permission Denied:/);
1840+
1841+
chai.assert.throws(() => {
1842+
window = undefined;
1843+
}, /^Permission Denied:/);
1844+
1845+
chai.assert.throws(() => {
1846+
_global.caches;
1847+
}, /^Permission Denied:/);
1848+
1849+
chai.assert.throws(() => {
1850+
frames.caches;
1851+
}, /^Permission Denied:/);
1852+
1853+
chai.assert.throws(() => {
1854+
top.caches;
1855+
}, /^Permission Denied:/);
1856+
1857+
chai.assert.throws(() => {
1858+
self.caches;
1859+
}, /^Permission Denied:/);
1860+
1861+
chai.assert.throws(() => {
1862+
window.caches;
1863+
}, /^Permission Denied:/);
1864+
18241865
}
18251866
() => {
18261867
let target, property, value, attributes, proto, prototype, receiver, args, arg1, arg2, p, v;

demo/original-index.html

+1-1
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
<html lang="en">
1616
<head>
1717
<meta charset="utf-8">
18-
<script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=b3a506717268e34c304472cb49f42b8c809b783026b86a0ca6728f2ed690bf67,8096ea73fa88cb60353c8741b8bd41d044fbfc6750e318909f938ea65e64d574,b08b09b3cb1ff096c2117b133d38d848a0b486499e93fbd17b2f3ebf05f0c905,de5407e69386ad2e9aac39e5bc621ba098bd5b5678b0226696a895fc777cad79,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
18+
<script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=b3a506717268e34c304472cb49f42b8c809b783026b86a0ca6728f2ed690bf67,f724e8c53cb2373b28607e1e1c2e8acf372270f03721c3fb529b095256a3dce6,b08b09b3cb1ff096c2117b133d38d848a0b486499e93fbd17b2f3ebf05f0c905,de5407e69386ad2e9aac39e5bc621ba098bd5b5678b0226696a895fc777cad79,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
1919
<script context-generator src="no-hook-authorization.js?no-hook=true"></script>
2020
<script context-generator src="context-generator.js?no-hook=true"></script>
2121
<script context-generator no-hook>

demo/web-worker.js

+12
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,18 @@ try {
55
catch (e) {
66
console.log('web-worker.js: invalidating invalid.json in importScripts', e);
77
}
8+
try {
9+
Object.getOwnPropertyDescriptors(self);
10+
throw new Error('web-worker.js: Object.getOwnPropertyDescriptors(self) does not throw');
11+
}
12+
catch (e) {
13+
if (e.message.startsWith('web-worker.js:')) {
14+
throw e;
15+
}
16+
else {
17+
console.log('web-worker.js:', e.message);
18+
}
19+
}
820
self.addEventListener('message', function onMessage(event) {
921
console.log('web-worker.js: received message ', JSON.stringify(event.data));
1022
let workerResult = event.data[0] * event.data[1];

0 commit comments

Comments
 (0)