OpenJDK / aarch32-port / jdk9 / nashorn
changeset 1444:8535274223d7
8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
Reviewed-by: attila, hannesw
| author | sundar |
|---|---|
| date | Mon, 28 Sep 2015 18:58:52 +0530 |
| parents | f436923c391f |
| children | f62799ca2ade |
| files | src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java |
| diffstat | 3 files changed, 26 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200 +++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530 @@ -107,9 +107,10 @@ return null; } - final GuardedInvocation inv; + GuardedInvocation inv; if (jsObjectClass.isInstance(self)) { inv = lookup(desc, request, linkerServices); + inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard()); } else { throw new AssertionError(); // Should never reach here. }
--- a/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200 +++ b/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530 @@ -77,9 +77,10 @@ return null; } - final GuardedInvocation inv; + GuardedInvocation inv; if (self instanceof JSObject) { inv = lookup(desc, request, linkerServices); + inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard()); } else if (self instanceof Map || self instanceof Bindings) { // guard to make sure the Map or Bindings does not turn into JSObject later! final GuardedInvocation beanInv = nashornBeansLinker.getGuardedInvocation(request, linkerServices);
--- a/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 08:40:39 2015 +0200 +++ b/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 18:58:52 2015 +0530 @@ -27,6 +27,7 @@ import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; +import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; import java.nio.IntBuffer; @@ -34,9 +35,11 @@ import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Set; +import javax.script.Invocable; import javax.script.ScriptEngine; import javax.script.ScriptEngineManager; import jdk.nashorn.api.scripting.AbstractJSObject; +import jdk.nashorn.api.scripting.ScriptObjectMirror; import org.testng.annotations.Test; /** @@ -286,4 +289,23 @@ fail(exp.getMessage()); } } + + // @bug 8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects + @Test + public void hidingInternalObjectsForJSObjectTest() throws Exception { + final ScriptEngineManager engineManager = new ScriptEngineManager(); + final ScriptEngine e = engineManager.getEngineByName("nashorn"); + + final String code = "function func(obj) { obj.foo = [5, 5]; obj.bar = {} }"; + e.eval(code); + + // call the exposed function but pass user defined JSObject impl as argument + ((Invocable)e).invokeFunction("func", new AbstractJSObject() { + @Override + public void setMember(final String name, final Object value) { + // make sure that wrapped objects are passed (and not internal impl. objects) + assertTrue(value.getClass() == ScriptObjectMirror.class); + } + }); + } }