8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
Reviewed-by: attila, hannesw
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/BrowserJSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530
@@ -107,9 +107,10 @@
return null;
}
- final GuardedInvocation inv;
+ GuardedInvocation inv;
if (jsObjectClass.isInstance(self)) {
inv = lookup(desc, request, linkerServices);
+ inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard());
} else {
throw new AssertionError(); // Should never reach here.
}
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 08:40:39 2015 +0200
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/linker/JSObjectLinker.java Mon Sep 28 18:58:52 2015 +0530
@@ -77,9 +77,10 @@
return null;
}
- final GuardedInvocation inv;
+ GuardedInvocation inv;
if (self instanceof JSObject) {
inv = lookup(desc, request, linkerServices);
+ inv = inv.replaceMethods(linkerServices.filterInternalObjects(inv.getInvocation()), inv.getGuard());
} else if (self instanceof Map || self instanceof Bindings) {
// guard to make sure the Map or Bindings does not turn into JSObject later!
final GuardedInvocation beanInv = nashornBeansLinker.getGuardedInvocation(request, linkerServices);
--- a/nashorn/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 08:40:39 2015 +0200
+++ b/nashorn/test/src/jdk/nashorn/api/scripting/test/PluggableJSObjectTest.java Mon Sep 28 18:58:52 2015 +0530
@@ -27,6 +27,7 @@
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;
import java.nio.IntBuffer;
@@ -34,9 +35,11 @@
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Set;
+import javax.script.Invocable;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import jdk.nashorn.api.scripting.AbstractJSObject;
+import jdk.nashorn.api.scripting.ScriptObjectMirror;
import org.testng.annotations.Test;
/**
@@ -286,4 +289,23 @@
fail(exp.getMessage());
}
}
+
+ // @bug 8137258: JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
+ @Test
+ public void hidingInternalObjectsForJSObjectTest() throws Exception {
+ final ScriptEngineManager engineManager = new ScriptEngineManager();
+ final ScriptEngine e = engineManager.getEngineByName("nashorn");
+
+ final String code = "function func(obj) { obj.foo = [5, 5]; obj.bar = {} }";
+ e.eval(code);
+
+ // call the exposed function but pass user defined JSObject impl as argument
+ ((Invocable)e).invokeFunction("func", new AbstractJSObject() {
+ @Override
+ public void setMember(final String name, final Object value) {
+ // make sure that wrapped objects are passed (and not internal impl. objects)
+ assertTrue(value.getClass() == ScriptObjectMirror.class);
+ }
+ });
+ }
}