Bug 1299306 part 4. Remove the existing Location hardcoding in js::SetPrototype now that Location handles that itself. r=waldo
authorBoris Zbarsky <bzbarsky@mit.edu>
Fri, 02 Sep 2016 17:55:38 -0400
changeset 312571 f52595d3b9f33f3b48efa6f61fa3f5719d94bdc7
parent 312570 7d6d85635ddb7c88a2ed5fb6dafc40f3096619ee
child 312572 88222d0a92668a99c47602aa2a0968df4ebe7e98
push id30646
push userryanvm@gmail.com
push dateSat, 03 Sep 2016 15:33:40 +0000
treeherdermozilla-central@1789229965bf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswaldo
bugs1299306
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1299306 part 4. Remove the existing Location hardcoding in js::SetPrototype now that Location handles that itself. r=waldo
js/src/jsobj.cpp
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/html/browsers/history/the-location-interface/location-prototype-setting.html
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -2531,26 +2531,16 @@ js::SetPrototype(JSContext* cx, HandleOb
      * Disallow mutating the [[Prototype]] on Typed Objects, per the spec.
      */
     if (obj->is<TypedObject>()) {
         JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_PROTO_OF,
                              "incompatible TypedObject");
         return false;
     }
 
-    /*
-     * Explicitly disallow mutating the [[Prototype]] of Location objects
-     * for flash-related security reasons.
-     */
-    if (!strcmp(obj->getClass()->name, "Location")) {
-        JS_ReportErrorNumber(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_PROTO_OF,
-                             "incompatible Location object");
-        return false;
-    }
-
     /* ES6 9.1.2 step 5 forbids changing [[Prototype]] if not [[Extensible]]. */
     bool extensible;
     if (!IsExtensible(cx, obj, &extensible))
         return false;
     if (!extensible)
         return result.fail(JSMSG_CANT_SET_PROTO);
 
     // If this is a global object, resolve the Object class so that its
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -37791,16 +37791,22 @@
           }
         ],
         "editing/other/delete.html": [
           {
             "path": "editing/other/delete.html",
             "url": "/editing/other/delete.html"
           }
         ],
+        "html/browsers/history/the-location-interface/location-prototype-setting.html": [
+          {
+            "path": "html/browsers/history/the-location-interface/location-prototype-setting.html",
+            "url": "/html/browsers/history/the-location-interface/location-prototype-setting.html"
+          }
+        ],
         "html/semantics/forms/the-form-element/form-submission-sandbox.html": [
           {
             "path": "html/semantics/forms/the-form-element/form-submission-sandbox.html",
             "url": "/html/semantics/forms/the-form-element/form-submission-sandbox.html"
           }
         ],
         "svg/linking/scripted/href-animate-element.html": [
           {
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/html/browsers/history/the-location-interface/location-prototype-setting.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>[[SetPrototypeOf]] on a location object should return false</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script>
+  test(function() {
+    var origProto = Object.getPrototypeOf(location);
+    assert_throws(new TypeError, function() {
+      Object.setPrototypeOf(location, {});
+    });
+    assert_throws(new TypeError, function() {
+      location.__proto__ = {};
+    });
+    assert_false(Reflect.setPrototypeOf(location, {}));
+    assert_equals(Object.getPrototypeOf(location), origProto);
+  });
+</script>