From c25355704d08ac68cda147ccbec270407119e2ca Mon Sep 17 00:00:00 2001
From: yvt <i@yvt.jp>
Date: Tue, 17 Aug 2021 01:45:55 +0900
Subject: [PATCH] fix(script): the condition for exposing a cross-origin setter
 is `CrossOriginWritable`, not `CrossOriginReadable`

The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
---
 components/script/dom/bindings/codegen/CodegenRust.py       | 2 +-
 .../cross-origin-objects/cross-origin-objects.html.ini      | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/components/script/dom/bindings/codegen/CodegenRust.py b/components/script/dom/bindings/codegen/CodegenRust.py
index 03998017f36..e8e5bfbab4f 100644
--- a/components/script/dom/bindings/codegen/CodegenRust.py
+++ b/components/script/dom/bindings/codegen/CodegenRust.py
@@ -1936,7 +1936,7 @@ class AttrDefiner(PropertyDefiner):
         def setter(attr):
             attr = attr['attr']
 
-            if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginReadable"))
+            if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginWritable"))
                 or (attr.readonly
                     and not attr.getExtendedAttribute("PutForwards")
                     and not attr.getExtendedAttribute("Replaceable"))):
diff --git a/tests/wpt/metadata/html/browsers/origin/cross-origin-objects/cross-origin-objects.html.ini b/tests/wpt/metadata/html/browsers/origin/cross-origin-objects/cross-origin-objects.html.ini
index 6ffbaa0b3dc..cf0dc159bd6 100644
--- a/tests/wpt/metadata/html/browsers/origin/cross-origin-objects/cross-origin-objects.html.ini
+++ b/tests/wpt/metadata/html/browsers/origin/cross-origin-objects/cross-origin-objects.html.ini
@@ -188,12 +188,6 @@
   [Same-origin observers get different accessors for cross-origin Window (cross-site)]
     expected: FAIL
 
-  [Same-origin observers get different accessors for cross-origin Location (cross-origin)]
-    expected: FAIL
-
-  [Same-origin observers get different accessors for cross-origin Location (same-origin + document.domain)]
-    expected: FAIL
-
   [Same-origin observers get different accessors for cross-origin Location (cross-site)]
     expected: FAIL