Protect against scripts setting __proto__ to null. bug 317250, hopeful-r=brendan

This commit is contained in:
mrbkap%gmail.com 2006-03-23 02:24:45 +00:00
parent 7685d1b7e0
commit 0f68c9e245

View File

@ -189,6 +189,7 @@ obj_setSlot(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
return JS_TRUE;
pobj = JSVAL_TO_OBJECT(*vp);
if (pobj) {
/*
* Innerize pobj here to avoid sticking unwanted properties on the outer
* object. This ensures that any with statements only grant access to the
@ -197,6 +198,7 @@ obj_setSlot(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
OBJ_TO_INNER_OBJECT(cx, pobj);
if (!pobj)
return JS_FALSE;
}
slot = (uint32) JSVAL_TO_INT(id);
if (JS_HAS_STRICT_OPTION(cx) && !ReportStrictSlot(cx, slot))
return JS_FALSE;