endo: iOS Safari fails to lockdown (with potential fix)
- Call
lockdown()on the latest version of iOS Safari - Lockdown fails with the error
Cannot read "configurable" of undefinedin the console
Digging in a bit, I found that the error is caused inside isImmuatableDataProperty():
function isImmutableDataProperty(obj, name) {
const desc = getOwnPropertyDescriptor(obj, name)
return (
//
// The getters will not have .writable, don't let the falsyness of
// 'undefined' trick us: test with === false, not ! . However descriptors
// inherit from the (potentially poisoned) global object, so we might see
// extra properties which weren't really there. Accessor properties have
// 'get/set/enumerable/configurable', while data properties have
// 'value/writable/enumerable/configurable'.
desc.configurable === false &&
desc.writable === false &&
//
// Checks for data properties because they're the only ones we can
// optimize (accessors are most likely non-constant). Descriptors can't
// can't have accessors and value properties at the same time, therefore
// this check is sufficient. Using explicit own property deal with the
// case where Object.prototype has been poisoned.
objectHasOwnProperty(desc, 'value')
)
}
It is called with isImmutableDataProperty(window, 'showModalDialog'), which in iOS safari is actually undefined.
So when it tries to get the property descriptor, desc is also undefined.
I added a hack to return true if desc is undefined and everything seems to work as expected.
I’m not sure if that is the actual fix though.
About this issue
- Original URL
- State: open
- Created 3 years ago
- Comments: 21 (13 by maintainers)
I’m labeling this as worth reviewing again, just to verify that we’re covered on iOS and close.
Apparently fixed: https://bugs.webkit.org/show_bug.cgi?id=234282 !