Mon, 28 Sep 2015 18:58:52 +0530
8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
Reviewed-by: attila, hannesw
1.1 --- a/src/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200 1.2 +++ b/src/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530 1.3 @@ -99,9 +99,10 @@ 1.4 return null; 1.5 } 1.6 1.7 - final GuardedInvocation inv; 1.8 + GuardedInvocation inv; 1.9 if (jsObjectClass.isInstance(self)) { 1.10 inv = lookup(desc, request, linkerServices); 1.11 + inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard()); 1.12 } else { 1.13 throw new AssertionError(); // Should never reach here. 1.14 }
2.1 --- a/src/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200 2.2 +++ b/src/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530 2.3 @@ -77,9 +77,10 @@ 2.4 return null; 2.5 } 2.6 2.7 - final GuardedInvocation inv; 2.8 + GuardedInvocation inv; 2.9 if (self instanceof JSObject) { 2.10 inv = lookup(desc, request, linkerServices); 2.11 + inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard()); 2.12 } else if (self instanceof Map || self instanceof Bindings) { 2.13 // guard to make sure the Map or Bindings does not turn into JSObject later! 2.14 final GuardedInvocation beanInv = nashornBeansLinker.getGuardedInvocation(request, linkerServices);
3.1 --- a/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 08:40:39 2015 +0200 3.2 +++ b/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 18:58:52 2015 +0530 3.3 @@ -27,6 +27,7 @@ 3.4 3.5 import static org.testng.Assert.assertEquals; 3.6 import static org.testng.Assert.assertFalse; 3.7 +import static org.testng.Assert.assertTrue; 3.8 import static org.testng.Assert.fail; 3.9 3.10 import java.nio.IntBuffer; 3.11 @@ -34,9 +35,11 @@ 3.12 import java.util.HashMap; 3.13 import java.util.LinkedHashMap; 3.14 import java.util.Set; 3.15 +import javax.script.Invocable; 3.16 import javax.script.ScriptEngine; 3.17 import javax.script.ScriptEngineManager; 3.18 import jdk.nashorn.api.scripting.AbstractJSObject; 3.19 +import jdk.nashorn.api.scripting.ScriptObjectMirror; 3.20 import org.testng.annotations.Test; 3.21 3.22 /** 3.23 @@ -286,4 +289,23 @@ 3.24 fail(exp.getMessage()); 3.25 } 3.26 } 3.27 + 3.28 + // @bug 8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects 3.29 + @Test 3.30 + public void hidingInternalObjectsForJSObjectTest() throws Exception { 3.31 + final ScriptEngineManager engineManager = new ScriptEngineManager(); 3.32 + final ScriptEngine e = engineManager.getEngineByName("nashorn"); 3.33 + 3.34 + final String code = "function func(obj) { obj.foo = [5, 5]; obj.bar = {} }"; 3.35 + e.eval(code); 3.36 + 3.37 + // call the exposed function but pass user defined JSObject impl as argument 3.38 + ((Invocable)e).invokeFunction("func", new AbstractJSObject() { 3.39 + @Override 3.40 + public void setMember(final String name, final Object value) { 3.41 + // make sure that wrapped objects are passed (and not internal impl. objects) 3.42 + assertTrue(value.getClass() == ScriptObjectMirror.class); 3.43 + } 3.44 + }); 3.45 + } 3.46 }