mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-02-26 04:09:50 +00:00
9e02f38a2e
This will still prevent them from accessing stuff (.length will be undefined, etc), but seems better than unexpectedly throwing. This fixes the issue at hand at least. With this patch, we reject length accesses here: https://searchfox.org/mozilla-central/rev/86c98c486f03b598d0f80356b69163fd400ec8aa/js/xpconnect/wrappers/XrayWrapper.cpp#229-233 Your call on whether this patch is enough as-is, or more work is needed. Also your call on whether if more work is needed that needs to happen on this bug or somewhere else. I'm not sure what we'd need to do to support this more "properly", presumably we'd need to add special XRay support to ObservableArrayProxyHandler or so? Pointers (or patches of course ;)) welcome. Also unsure about the setter situation, I _think_ it's fine not to throw given the code I read, but please sanity-check. Differential Revision: https://phabricator.services.mozilla.com/D145045
42 lines
1.7 KiB
C
42 lines
1.7 KiB
C
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/**
|
|
* This file defines various reserved slot indices used by JavaScript
|
|
* reflections of DOM objects.
|
|
*/
|
|
#ifndef mozilla_dom_DOMSlots_h
|
|
#define mozilla_dom_DOMSlots_h
|
|
|
|
// We use slot 0 for holding the raw object. This is safe for both
|
|
// globals and non-globals.
|
|
// NOTE: This is baked into the Ion JIT as 0 in codegen for LGetDOMProperty and
|
|
// LSetDOMProperty. Those constants need to be changed accordingly if this value
|
|
// changes.
|
|
#define DOM_OBJECT_SLOT 0
|
|
|
|
// The total number of slots non-proxy DOM objects use by default.
|
|
// Specific objects may have more for storing cached values.
|
|
#define DOM_INSTANCE_RESERVED_SLOTS 1
|
|
|
|
// Interface objects store a number of reserved slots equal to
|
|
// DOM_INTERFACE_SLOTS_BASE + number of named constructors.
|
|
#define DOM_INTERFACE_SLOTS_BASE 0
|
|
|
|
// Interface prototype objects store a number of reserved slots equal to
|
|
// DOM_INTERFACE_PROTO_SLOTS_BASE or DOM_INTERFACE_PROTO_SLOTS_BASE + 1 if a
|
|
// slot for the unforgeable holder is needed.
|
|
#define DOM_INTERFACE_PROTO_SLOTS_BASE 0
|
|
|
|
// The slot index of raw pointer of dom object stored in observable array exotic
|
|
// object. We need this in order to call the OnSet* and OnDelete* callbacks.
|
|
#define OBSERVABLE_ARRAY_DOM_INTERFACE_SLOT 0
|
|
|
|
// The slot index of backing list stored in observable array exotic object.
|
|
#define OBSERVABLE_ARRAY_BACKING_LIST_OBJECT_SLOT 1
|
|
|
|
#endif /* mozilla_dom_DOMSlots_h */
|