Document.location is not configurable anymore?


Ahamed Nafeez

Jun 16, 2015, 4:01:03 AM6/16/15
to chromi...@chromium.org
It seems like Chrome doesn't allow accessing the getter/setter property of the window.location object. Is this part of any intentional change? I am not able to see any relevant discussion about disabling the getter/setter for the Location object.

What I am talking about is,

Object.defineProperty(location, 'hash', { get: function(){ return 'someHash'}}); 

doesn't work anymore.

If someone could throw some light on this, it would be great! 

PhistucK

Jun 16, 2015, 4:44:20 AM6/16/15
to ahamed...@gmail.com, Chromium-dev
Seems like crbug.com/444015, which is a change to be interoperable with other browsers and the specification (and to prevent security issues of some sort, for those who rely on document.location for verifying the origin and such).

I admit it would have been nice to mention it on chromestatus.com... sorry. :(


PhistucK

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.

Ahamed Nafeez

Jun 16, 2015, 4:48:15 AM6/16/15
to PhistucK, Chromium-dev
Thanks for the update! Makes sense! In fact, last year I wanted this to be fixed because of some security issues. https://speakerdeck.com/skepticfx/js-suicide-using-javascripts-security-features-to-kill-itself

This year I am working on a Chrome-based extension to find and fix DOM-based XSS, but due to this change I can't hook into document.location anymore. Sad irony!

On the other hand, do you think it would be possible to override location in the future? ES6 proxies?


--
Cheers,
Nafeez

PhistucK

Jun 16, 2015, 9:17:11 AM6/16/15
to Ahamed Nafeez, Chromium-dev
Proxies are new instances, I believe, and do not override stuff that cannot be overridden in other ways.


PhistucK

Ahamed Nafeez

Jun 17, 2015, 12:59:14 AM6/17/15
to PhistucK, Chromium-dev
Yeah! That's right too.

I tried removing the 'Unforgeable' extended attribute for the location from '/src/third_party/WebKit/Source/core/dom/Document.idl' from the Chromium project and the build still doesn't allow me to redefine Location. But the CRBUG that you referred to had the relevant change as this: http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.idl?r1=189862&r2=189861&pathrev=189862.

Could you tell me what's going on? I really need this working on the latest Chromium by patching this locally on my side. Any help would be really appreciated.

--
Cheers,
Nafeez

PhistucK

Jun 17, 2015, 1:31:57 AM6/17/15
to Ahamed Nafeez, Chromium-dev
Perhaps you need to clobber your build and recompile everything again in order for it to be applied?


PhistucK

Ahamed Nafeez

Jun 17, 2015, 2:48:54 AM6/17/15
to PhistucK, Chromium-dev
I did clobber and recompile everything again over the past hour, and it still seems to be behaving as if it is 'Unforgeable'.
--
Cheers,
Nafeez

PhistucK

Jun 17, 2015, 2:54:31 AM6/17/15
to Ahamed Nafeez, Chromium-dev
Perhaps other related security hardening changes were made, unrelated to this bug, in this area...


PhistucK