mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-01-24 21:58:06 +00:00
Bug 862380 - Be more explicit about rejecting JSID_VOID for XOWs. r=mrkbap
We already do this, but it's helpful to be clear about it.
This commit is contained in:
parent
a76f725f9c
commit
2fbd8f4d5c
@ -228,6 +228,14 @@ AccessCheck::isCrossOriginAccessPermitted(JSContext *cx, JSObject *wrapperArg, j
|
||||
RootedObject wrapper(cx, wrapperArg);
|
||||
RootedObject obj(cx, Wrapper::wrappedObject(wrapper));
|
||||
|
||||
// Enumerate-like operations pass JSID_VOID to |enter|, since there isn't
|
||||
// another sane value to pass. For XOWs, we generally want to deny such
|
||||
// operations but fail silently (see CrossOriginAccessiblePropertiesOnly::
|
||||
// deny). We could just fall through here and rely on the fact that none
|
||||
// of the whitelisted properties below will match JSID_VOID, but EIBTI.
|
||||
if (id == JSID_VOID)
|
||||
return false;
|
||||
|
||||
const char *name;
|
||||
js::Class *clasp = js::GetObjectClass(obj);
|
||||
NS_ASSERTION(Jsvalify(clasp) != &XrayUtils::HolderClass, "shouldn't have a holder here");
|
||||
|
Loading…
x
Reference in New Issue
Block a user