Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-23 15:23:42 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/components/script/dom/bindings
History
yvt c25355704d fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 
The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
2021-08-17 09:26:27 +09:00
..
codegen fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 2021-08-17 09:26:27 +09:00
callback.rs Always pass InRealm to GlobalScope::from_context to avoid getting null global 2020-02-16 09:55:10 +09:00
cell.rs Fix refcell_backtrace feature. 2020-06-18 12:56:33 -04:00
constant.rs Use safe JSContext when possible in interface.rs 2019-08-09 00:43:24 +01:00
conversions.rs Update mozjs. 2021-02-18 09:35:45 -05:00
error.rs Fix building with --feature js_backtrace 2020-06-22 16:14:04 -04:00
guard.rs Add creation url and Secure Contexts 2020-11-25 18:30:50 +00:00
htmlconstructor.rs Reduce code duplication. Move some of CodegenRust.py to htmlconstructor.rs 2020-06-03 15:13:34 -04:00
inheritance.rs Update MPL license to https (part 3) 2018-11-19 14:47:12 +01:00
interface.rs refactor(script): apply suggestions 2021-07-25 18:45:22 +09:00
iterable.rs Add trait DomObjectWrap to provide WRAP function 2020-03-20 22:16:56 -04:00
mod.rs refactor(script): move crate::dom::bindings::{utils → principals)::ServoJSPrincipal 2021-07-13 21:45:21 +09:00
namespace.rs Update SpiderMonkey 2020-03-06 11:13:28 +01:00
num.rs Update MPL license to https (part 3) 2018-11-19 14:47:12 +01:00
principals.rs refactor(script): don't conjure up ServoJSPrincipals in ServoJSPrincipalsRef::deref 2021-07-25 19:36:06 +09:00
proxyhandler.rs fix(script): don't pass an unrooted slice to from_rooted_slice 2021-07-28 09:10:55 +09:00
record.rs Update SpiderMonkey 2020-03-06 11:13:28 +01:00
refcounted.rs Extract some thread local use from generic code. 2020-06-04 20:54:36 -04:00
reflector.rs Add trait DomObjectWrap to provide WRAP function 2020-03-20 22:16:56 -04:00
root.rs Move thread state checks out of generic methods to reduce generated code duplication. 2020-06-04 20:54:36 -04:00
serializable.rs Add lint check for &DomRoot<T> 2019-12-21 12:44:35 -09:00
settings_stack.rs Update MPL license to https (part 3) 2018-11-19 14:47:12 +01:00
str.rs Form constraints validation 2020-04-02 10:16:46 +02:00
structuredclone.rs Update mozjs. 2021-02-18 09:35:45 -05:00
trace.rs Change ErrorScopeId type to NonZeroU64 2020-08-03 01:45:29 +05:30
transferable.rs Add lint check for &DomRoot<T> 2019-12-21 12:44:35 -09:00
utils.rs refactor(script): move crate::dom::bindings::{utils → principals)::ServoJSPrincipal 2021-07-13 21:45:21 +09:00
weakref.rs Use #![register_tool] instead of #![register_attr] 2019-11-15 17:24:42 +01:00
xmlname.rs Changed error type on qname, per spec 2020-02-12 17:02:56 -05:00