fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable

The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
yvt 2021-08-17 01:45:55 +09:00
parent 8b3a49349d
commit c25355704d
2 changed files with 1 additions and 7 deletions


@ -1936,7 +1936,7 @@ class AttrDefiner(PropertyDefiner):
def setter(attr):
attr = attr['attr']
if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginReadable"))
if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginWritable"))
or (attr.readonly
and not attr.getExtendedAttribute("PutForwards")
and not attr.getExtendedAttribute("Replaceable"))):
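Review bot: The `self.crossorigin` clause in `setter` shares one `if` with the unrelated `attr.readonly` / `PutForwards` / `Replaceable` clause and carries no comment, so a Readable/Writable mix-up like the one corrected here is easy to miss in review. Consider a one-line comment above the condition stating that a cross-origin setter is emitted only when the attribute has `CrossOriginWritable`, or split the two clauses into separately named checks. The commit message identifies `Location#href` as the attribute that became unreachable; if the second changed file (not shown in this hunk) does not already cover it, a test that assigns `location.href` on a cross-origin window would keep this check from regressing.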