Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-11 01:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity
servo/components/script
History
yvt c25355704d fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 
The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
2021-08-17 09:26:27 +09:00
..
docs
dom fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 2021-08-17 09:26:27 +09:00
task_source
animation_timeline.rs
animations.rs Remove unused arguments from methods. 2021-02-05 14:29:45 +00:00
body.rs
build.rs Port some code to Python3 2021-02-18 09:35:46 -05:00
canvas_state.rs
Cargo.toml Bump time to latest v0.1.x version. 2021-06-25 17:19:14 +01:00
clipboard_provider.rs
devtools.rs Update mozjs. 2021-02-18 09:35:45 -05:00
document_loader.rs
euclidext.rs
fetch.rs Make url for "client" referrer mandatory 2020-06-17 19:07:14 +02:00
image_listener.rs
init.rs Added is_platform_object_static check to is_dom_object 2020-11-26 18:40:41 -05:00
layout_image.rs Make url for "client" referrer mandatory 2020-06-17 19:07:14 +02:00
lib.rs Fix three trivial warnings. 2021-05-23 19:03:57 +09:00
mem.rs
microtask.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
network_listener.rs
realms.rs
script_module.rs Don't hardcode string types. 2021-05-14 17:13:17 -04:00
script_runtime.rs refactor(script): move crate::dom::bindings::{utils → principals)::ServoJSPrincipal 2021-07-13 21:45:21 +09:00
script_thread.rs refactor(script): navigate_or_reload_child_browsing_context should only handle cases involving navigation 2021-08-03 09:11:19 +09:00
serviceworker_manager.rs feat: shorten thread names 2021-07-19 00:57:48 +09:00
stylesheet_loader.rs Fix invalid use of ReferrerUrl 2020-06-17 19:07:15 +02:00
stylesheet_set.rs
task.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
task_manager.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
task_queue.rs
test.rs
textinput.rs
timers.rs Set private reference for classic script 2020-07-18 00:43:34 +09:00
unpremultiplytable.rs
webdriver_handlers.rs Update mozjs to 0.14.1 2020-08-28 20:54:18 +08:00