Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-10-18 01:09:16 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/tests
History
yvt c25355704d fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 
The expression `crossOriginIframe.contentWindow.location.href = "new
href"` takes the following steps: (1) Get the setter for `href` by
invoking `[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.
location`. (2) Call the setter, passing `crossOriginIframe.
contentWindow` and `"new href"`. Since the target `Location` is cross
origin, getting the setter succeeds only if the `CrossOriginWritable`
extended attribute is present on the `href` attribute, and it's present.
However, instead of `CrossOriginWritable`, `CrossOriginReadable` was
checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.
2021-08-17 09:26:27 +09:00
..
dromaeo Fix remaining flake8 warnings 2020-06-21 03:34:32 +02:00
html Add some manual tests for verifying mouse events order 2020-07-30 22:07:04 +05:30
jquery Fix remaining flake8 warnings 2020-06-21 03:34:32 +02:00
power Fix remaining flake8 warnings 2020-06-21 03:34:32 +02:00
unit Miscellaneous build / tidy fixes. 2021-02-26 17:53:55 +01:00
wpt fix(script): the condition for exposing a cross-origin setter is CrossOriginWritable, not CrossOriginReadable 2021-08-17 09:26:27 +09:00