servo/components/script
yvt c25355704d fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable
The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
2021-08-17 09:26:27 +09:00
..
docs Update doc links and code snippet for trace implementation 2020-05-03 19:03:33 +05:30
dom fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 2021-08-17 09:26:27 +09:00
task_source remove unnecessary thread in filereader, add stream TODO 2019-12-10 14:55:22 +08:00
animation_timeline.rs Move most animation processing to script 2020-05-12 10:22:14 +02:00
animations.rs Remove unused arguments from methods. 2021-02-05 14:29:45 +00:00
body.rs fix streaming request bodies, terminate fetch if the body stream errors 2020-06-16 13:14:38 +08:00
build.rs Port some code to Python3 2021-02-18 09:35:46 -05:00
canvas_state.rs Fix ./mach build --release --with-layout-2020 2020-06-10 22:34:24 +05:30
Cargo.toml Bump time to latest v0.1.x version. 2021-06-25 17:19:14 +01:00
clipboard_provider.rs
devtools.rs Update mozjs. 2021-02-18 09:35:45 -05:00
document_loader.rs Use #![register_tool] instead of #![register_attr] 2019-11-15 17:24:42 +01:00
euclidext.rs Update euclid 2020-04-07 08:51:08 -07:00
fetch.rs Make url for "client" referrer mandatory 2020-06-17 19:07:14 +02:00
image_listener.rs Refactor ImageCache::find_image_or_metadata API. 2020-04-17 11:58:18 -04:00
init.rs Added is_platform_object_static check to is_dom_object 2020-11-26 18:40:41 -05:00
layout_image.rs Make url for "client" referrer mandatory 2020-06-17 19:07:14 +02:00
lib.rs Fix three trivial warnings. 2021-05-23 19:03:57 +09:00
mem.rs Update MPL license to https (part 3) 2018-11-19 14:47:12 +01:00
microtask.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
network_listener.rs
realms.rs rename compartment to realm 2020-01-24 20:52:36 +05:30
script_module.rs Don't hardcode string types. 2021-05-14 17:13:17 -04:00
script_runtime.rs refactor(script): move crate::dom::bindings::{utils → principals)::ServoJSPrincipal 2021-07-13 21:45:21 +09:00
script_thread.rs refactor(script): navigate_or_reload_child_browsing_context should only handle cases involving navigation 2021-08-03 09:11:19 +09:00
serviceworker_manager.rs feat: shorten thread names 2021-07-19 00:57:48 +09:00
stylesheet_loader.rs Fix invalid use of ReferrerUrl 2020-06-17 19:07:15 +02:00
stylesheet_set.rs
task.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
task_manager.rs ensure clean shutdown of all threads running JS 2020-06-30 13:22:38 +08:00
task_queue.rs in BC event-loop, only run tasks related to fully-active documents 2019-03-06 14:18:18 +08:00
test.rs Modify script to prevent further violations of snake_case 2020-01-18 14:22:15 +05:30
textinput.rs Form constraints validation 2020-04-02 10:16:46 +02:00
timers.rs Set private reference for classic script 2020-07-18 00:43:34 +09:00
unpremultiplytable.rs
webdriver_handlers.rs Update mozjs to 0.14.1 2020-08-28 20:54:18 +08:00