mirror of
https://github.com/servo/servo.git
synced 2025-06-11 01:50:10 +00:00
The expression `crossOriginIframe.contentWindow.location.href = "new href"` takes the following steps: (1) Get the setter for `href` by invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.location`. (2) Call the setter, passing `crossOriginIframe.contentWindow` and `"new href"`. Since the target `Location` is cross origin, getting the setter succeeds only if the `CrossOriginWritable` extended attribute is present on the `href` attribute, and it's present. However, instead of `CrossOriginWritable`, `CrossOriginReadable` was checked mistakenly. Since `Location#href` has `CrossOriginWritable` but not `CrossOriginReadable`, this bug rendered `Location#href` inaccessible from a cross-origin document. |
||
---|---|---|
.. | ||
docs | ||
dom | ||
task_source | ||
animation_timeline.rs | ||
animations.rs | ||
body.rs | ||
build.rs | ||
canvas_state.rs | ||
Cargo.toml | ||
clipboard_provider.rs | ||
devtools.rs | ||
document_loader.rs | ||
euclidext.rs | ||
fetch.rs | ||
image_listener.rs | ||
init.rs | ||
layout_image.rs | ||
lib.rs | ||
mem.rs | ||
microtask.rs | ||
network_listener.rs | ||
realms.rs | ||
script_module.rs | ||
script_runtime.rs | ||
script_thread.rs | ||
serviceworker_manager.rs | ||
stylesheet_loader.rs | ||
stylesheet_set.rs | ||
task.rs | ||
task_manager.rs | ||
task_queue.rs | ||
test.rs | ||
textinput.rs | ||
timers.rs | ||
unpremultiplytable.rs | ||
webdriver_handlers.rs |