Diffstat (limited to 'deps/v8/src/builtins/builtins-console.cc')
-rw-r--r-- | deps/v8/src/builtins/builtins-console.cc | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/deps/v8/src/builtins/builtins-console.cc b/deps/v8/src/builtins/builtins-console.cc
index 9ab3566cec..28c9261ed4 100644
--- a/deps/v8/src/builtins/builtins-console.cc
+++ b/deps/v8/src/builtins/builtins-console.cc
@@ -47,6 +47,22 @@ void ConsoleCall(
 CHECK(!isolate->has_scheduled_exception());
 if (!isolate->console_delegate()) return;
 HandleScope scope(isolate);
+
+ // Access check. The current context has to match the context of all
+ // arguments, otherwise the inspector might leak objects across contexts.
+ Handle<Context> context = handle(isolate->context(), isolate);
+ for (int i = 0; i < args.length(); ++i) {
+ Handle<Object> argument = args.at<Object>(i);
+ if (!argument->IsJSObject()) continue;
+
+ Handle<JSObject> argument_obj = Handle<JSObject>::cast(argument);
+ if (argument->IsAccessCheckNeeded(isolate) &&
+ !isolate->MayAccess(context, argument_obj)) {
+ isolate->ReportFailedAccessCheck(argument_obj);
+ return;
+ }
+ }
+
 debug::ConsoleCallArguments wrapper(args);
 Handle<Object> context_id_obj = JSObject::GetDataProperty(
 args.target(), isolate->factory()->console_context_id_symbol()); |
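Review bot: The early `return` after `isolate->ReportFailedAccessCheck(argument_obj)` gives the caller no signal that the console call was rejected, because ConsoleCall returns void. ReportFailedAccessCheck may leave a scheduled exception behind, and the function's own entry CHECK shows that state is not expected to linger, so every call site has to test for it after ConsoleCall returns; those call sites are outside this hunk and should be confirmed. I would make the contract explicit on the return, e.g. `// Denied: the caller must check for a scheduled exception before returning to JS.` As a style point, the guard tests `argument->IsAccessCheckNeeded(isolate)` but reports on `argument_obj`; using `argument_obj` for both reads more consistently. ConsoleCall's body starts and ends outside the hunk.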