Skip to content
Browse files
Throw TypeError when reading global references through a JSProxy
Allowing global references to be read through a proxy results in cross-origin information leaks. The ES6 spec currently does not mitigate this in any way. This CL adds a workaround that's easy for V8: throw whenever an unresolved reference would result in a proxy trap to be fired. I'm landing this so we can move forwards with staging proxies without putting users of --harmony at risk.


Review URL:

Cr-Commit-Position: refs/heads/master@{#32949}
  • Loading branch information
verwaest authored and Commit bot committed Dec 17, 2015
1 parent 879b21a commit 01b8e7c7f62fe0fc74552c7d3909777fa50b3447
Showing 3 changed files with 22 additions and 0 deletions.
@@ -269,6 +269,7 @@ class CallSite {
T(ProxyTrapReturnedFalsish, "'%' on proxy: trap returned falsish") \
T(ProxyTrapReturnedFalsishFor, \
"'%' on proxy: trap returned falsish for property '%'") \
T(ReadGlobalReferenceThroughProxy, "Trying to access '%' through proxy") \
T(RedefineDisallowed, "Cannot redefine property: %") \
T(RedefineExternalArray, \
"Cannot redefine a property of an object with external array elements") \
@@ -828,6 +828,13 @@ MaybeHandle<Object> JSProxy::GetProperty(Isolate* isolate,
Handle<Name> name,
Handle<Object> receiver,
LanguageMode language_mode) {
if (receiver->IsJSGlobalObject()) {
NewTypeError(MessageTemplate::kReadGlobalReferenceThroughProxy, name),

Handle<Name> trap_name = isolate->factory()->get_string();
// 1. Assert: IsPropertyKey(P) is true.
@@ -0,0 +1,14 @@
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --harmony-proxies

var failing_proxy = new Proxy({}, new Proxy({}, {
get() { throw "No trap should fire" }}));

Object.setPrototypeOf(Object.prototype, failing_proxy);
assertThrows(()=>a, TypeError);

Object.setPrototypeOf(this, failing_proxy);
assertThrows(()=>a, TypeError);

0 comments on commit 01b8e7c

Please sign in to comment.