0.0.214 with [ACL compatibility changes] Fix #215 R and W permissions…

… for property descriptors

README.md

@@ -6,7 +6,7 @@
 Thin Hook Preprocessor (experimental)
 
 ## Notes
-- **[ACL Compatibility]** Since [0.0.213](https://github.com/t2ym/thin-hook/releases/tag/0.0.213) with [Fix #215](https://github.com/t2ym/thin-hook/issues/215), `'R'` and `'W'` opTypes are introduced for getting/setting property descriptors, i.e., contexts to access descriptors must have explicit `'R'` and/or `'W'` permissions for the target properties.  Prior to this version, property descriptors can be accessed by mere `'r'` and/or `'w'` permissions.
+- **[ACL Compatibility]** Since [0.0.214](https://github.com/t2ym/thin-hook/releases/tag/0.0.214) with [Fix #215](https://github.com/t2ym/thin-hook/issues/215), `'R'` and `'W'` opTypes are introduced for getting/setting property descriptors, i.e., contexts to access descriptors must have explicit `'R'` and/or `'W'` permissions for the target properties.  Prior to [0.0.213](https://github.com/t2ym/thin-hook/releases/tag/0.0.213), property descriptors can be accessed by mere `'r'` and/or `'w'` permissions.
 - **[Vulnerability Fix]** Since [0.0.211](https://github.com/t2ym/thin-hook/releases/tag/0.0.211) with [Fix #211](https://github.com/t2ym/thin-hook/issues/211), bypassing of ACL for global objects by dummy custom element definition is avoided. Prior to this version, ACL can be skipped by defining dummy custom elements by standard elements as constructor classes.
 - **[Vulnerability Fix]** Since [0.0.209](https://github.com/t2ym/thin-hook/releases/tag/0.0.209) with [Fix #210](https://github.com/t2ym/thin-hook/issues/210), bypassing of ACL for global objects by cloing them to other global objects is avoided. Prior to this version, ACL can be skipped by cloing global objects.
 - **[Vulnerability Fix]** Since [0.0.205](https://github.com/t2ym/thin-hook/releases/tag/0.0.205) with [Fix #208](https://github.com/t2ym/thin-hook/issues/208), scripts via `document.writeln()` are hooked as in `document.write()`. Prior to this version, scripts via `document.writeln()` are not hooked.

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "thin-hook",
-  "version": "0.0.213",
+  "version": "0.0.214",
   "description": "Thin Hook Preprocessor",
   "main": "hook.min.js",
   "authors": [

demo/hook-callback.js

@@ -3810,6 +3810,7 @@ Copyright (c) 2017, Tetsuya Mori <t2y3141592@gmail.com>. All rights reserved.
                       case 'self':
                         switch (target) {
                         case 'w01v':
+                        case 'W01v':
                           switch (_args[0]) {
                           case 'defineProperty': // Object.defineProperty(window, 'property', { value: v }); Reflect.defineProperty(window, 'property', { value: v })
                             if (_args[1][2] && _args[1][2].value instanceof Object) {
@@ -3826,6 +3827,7 @@ Copyright (c) 2017, Tetsuya Mori <t2y3141592@gmail.com>. All rights reserved.
                           }
                           break;
                         case 'w0.v':
+                        case 'W0.v':
                           let props;
                           switch (_args[0]) {
                           case 'defineProperties': // Object.defineProperties(window, { 'property': { value: v } })
@@ -5175,6 +5177,7 @@ Copyright (c) 2017, Tetsuya Mori <t2y3141592@gmail.com>. All rights reserved.
                     property = _escapePlatformProperties.get(rawProperty) || rawProperty;
                     switch (target) {
                     case 'w01v':
+                    case 'W01v':
                       switch (name) {
                       case 'window':
                       case 'self':
@@ -5200,6 +5203,7 @@ Copyright (c) 2017, Tetsuya Mori <t2y3141592@gmail.com>. All rights reserved.
                       }
                       break;
                     case 'w0.v':
+                    case 'W0.v':
                       switch (name) {
                       case 'window':
                       case 'self':

demo/index.html

@@ -15,7 +15,7 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=e4eb23065641810262e0ac82d56c013730db31cbd59e881e8fbed84a7f3c638a,efc40883a5a6d87c1f12b65a44e320d488b3b3b50216907f12ff022407c12689,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
+  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=115a90fd5e4279925653017286bf58352127af6a5c2b037105b125815b7446e8,910905ea414589984a7b300deaf73d6edbfd470dc05e2dd621f5fe292b63d2f8,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=false"></script></head></html><!--
   <script context-generator src="no-hook-authorization.js?no-hook=true"></script>
   <script context-generator src="context-generator.js?no-hook=true"></script>
   <script context-generator no-hook>

demo/original-index.html

@@ -15,7 +15,7 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=e4eb23065641810262e0ac82d56c013730db31cbd59e881e8fbed84a7f3c638a,efc40883a5a6d87c1f12b65a44e320d488b3b3b50216907f12ff022407c12689,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
+  <script src="../../thin-hook/hook.min.js?version=491&no-hook-authorization=115a90fd5e4279925653017286bf58352127af6a5c2b037105b125815b7446e8,910905ea414589984a7b300deaf73d6edbfd470dc05e2dd621f5fe292b63d2f8,5b14ec588d93bf30f76972826b2d3d7220a4992c6026a180d87040fbd97eb2a2,9ae7026958590419825ad94aea3df1c519f813a84798bae72e6b4da95ff4f52a,ce8bd5917e14e8e138aecc6a61bc5779668fde1b3f762eb16e609f429d9f9475,d7d18f6488069afcfc6454dc1a635fe598ce1c9154c19e21f3ea3bf514596799,a578e741369d927f693fedc88c75b1a90f1a79465e2bb9774a3f68ffc6e011e6,log-no-hook-authorization&sw-root=/&no-hook=true&hook-name=__hook__&context-generator-name=method&discard-hook-errors=false&fallback-page=index-fb.html&hook-property=true&hook-global=true&hook-prefix=_pp_&compact=true&service-worker-ready=true"></script>
   <script context-generator src="no-hook-authorization.js?no-hook=true"></script>
   <script context-generator src="context-generator.js?no-hook=true"></script>
   <script context-generator no-hook>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "thin-hook",
-  "version": "0.0.213",
+  "version": "0.0.214",
   "description": "Thin Hook Preprocessor",
   "main": "hook.js",
   "scripts": {