mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-05 08:35:26 +00:00
Protect against scripts setting __proto__ to null. bug 317250, hopeful-r=brendan
This commit is contained in:
parent
7685d1b7e0
commit
0f68c9e245
@ -189,6 +189,7 @@ obj_setSlot(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
|
||||
return JS_TRUE;
|
||||
pobj = JSVAL_TO_OBJECT(*vp);
|
||||
|
||||
if (pobj) {
|
||||
/*
|
||||
* Innerize pobj here to avoid sticking unwanted properties on the outer
|
||||
* object. This ensures that any with statements only grant access to the
|
||||
@ -197,6 +198,7 @@ obj_setSlot(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
|
||||
OBJ_TO_INNER_OBJECT(cx, pobj);
|
||||
if (!pobj)
|
||||
return JS_FALSE;
|
||||
}
|
||||
slot = (uint32) JSVAL_TO_INT(id);
|
||||
if (JS_HAS_STRICT_OPTION(cx) && !ReportStrictSlot(cx, slot))
|
||||
return JS_FALSE;
|
||||
|
Loading…
Reference in New Issue
Block a user