Protect against scripts setting __proto__ to null. bug 317250, hopeful-r=brendan

mrbkap%gmail.com 2006-03-23 02:24:45 +00:00
parent 7685d1b7e0
commit 0f68c9e245


@ -189,14 +189,16 @@ obj_setSlot(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
return JS_TRUE;
pobj = JSVAL_TO_OBJECT(*vp);
/*
* Innerize pobj here to avoid sticking unwanted properties on the outer
* object. This ensures that any with statements only grant access to the
* inner object.
*/
OBJ_TO_INNER_OBJECT(cx, pobj);
if (!pobj)
return JS_FALSE;
if (pobj) {
/*
* Innerize pobj here to avoid sticking unwanted properties on the outer
* object. This ensures that any with statements only grant access to the
* inner object.
*/
OBJ_TO_INNER_OBJECT(cx, pobj);
if (!pobj)
return JS_FALSE;
}
slot = (uint32) JSVAL_TO_INT(id);
if (JS_HAS_STRICT_OPTION(cx) && !ReportStrictSlot(cx, slot))
return JS_FALSE;
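Review bot: The new `if (pobj)` guard carries no comment saying why pobj can be NULL at this point, and the comment moved inside it only explains the innerization. From the visible lines, `JSVAL_TO_OBJECT(*vp)` yields NULL when a script assigns null (the case named in the commit title), while the inner `if (!pobj) return JS_FALSE;` treats NULL after `OBJ_TO_INNER_OBJECT` as a failure, so the same value means two different things a few lines apart. I would add above the guard `/* pobj is NULL when the script assigns null; skip innerization, NULL is not an error here. */`. The guard protects this call site only; the macro definition is not visible, but if it dereferences its argument, other callers that pass a value-derived object would presumably need the same check. obj_setSlot starts and continues outside the hunk, so how the NULL pobj is consumed afterwards cannot be confirmed from here.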