Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-13 05:15:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1396620 - Part 2: Fix compartment mismatch crash when doing old prototype swizzling for custom element; r=smaug

Browse Source 
MozReview-Commit-ID: GMxikyKJ54A

--HG--
extra : rebase_source : 594ab2727e085e4b1e81d2ed5915b230b7c96365
This commit is contained in:
Edgar Chen 2017-10-16 10:14:56 +08:00
parent 698fdbc62e
commit 6d7d215d0e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dom/base/Element.cpp
View File

@ -527,6 +527,10 @@ Element::WrapObject(JSContext *aCx, JS::Handle<JSObject*> aGivenProto)
data->GetCustomElementType(), &customProto);
if (customProto &&
NodePrincipal()->SubsumesConsideringDomain(nsContentUtils::ObjectPrincipal(customProto))) {
// The custom element prototype could be in different compartment.
if (!JS_WrapObject(aCx, &customProto)) {
return nullptr;
}
// Just go ahead and create with the right proto up front. Set
// customProto to null to flag that we don't need to do any post-facto
// proto fixups here.