New issue
Advanced search Search tips

Issue 781906 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Nov 2017
Cc:
gsat...@chromium.org
adamk@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: hasOwnProperty returns unexpected results for local variables

Reported by nkx...@gmail.com, Nov 6 2017 
hi, sir:

v8/d8 is falsely exec following code, please have a check:
/*
test starts
this.hasOwnProperty(v02):true
this.hasOwnProperty(v01):false
test ends
*/
try
{
	my_print = window.alert;
}
catch(e)
{
	my_print = console.log;
}

function f()
{
	var v01 = "v01 decl inside f()";
	var v02 = undefined;
	
	my_print( 'this.hasOwnProperty(v02):' + this.hasOwnProperty(v02) );
	my_print( 'this.hasOwnProperty(v01):' + this.hasOwnProperty(v01) );
}

my_print("test starts");
f();
my_print("test ends");


thanks.
Demo02.js
454 bytes View Download

Comment 1 by elawrence@chromium.org, Nov 8 2017

Components: Blink>JavaScript
Summary: Security: hasOwnProperty returns unexpected results for local variables (was: Security: falsely exec following code)

Comment 2 by hablich@chromium.org, Nov 8 2017

Components: -Blink>JavaScript Blink>JavaScript>Language
I don't think this is security relevant and indeed looks strange. I wouldn't be surprised if this is spec-conform though :-).

Comment 3 by verwa...@chromium.org, Nov 8 2017

Status: WontFix (was: Unconfirmed)
This is surely working as intended and isn't strange at all. You're just checking whether the global object has the property "undefined" and the property "v01 decl inside f()". And undefined is indeed a property on the global object.

Comment 4 by verwa...@chromium.org, Nov 8 2017

Labels: -Restrict-View-SecurityTeam

Sign in to add a comment