зеркало из https://github.com/mozilla/gecko-dev.git
Bug 751858 - Actually throw when we deny access. r=bholley
This commit is contained in:
Родитель
d8228451d4
Коммит
6629d14a06
|
@ -455,12 +455,10 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
|||
perm = PermitObjectAccess;
|
||||
return true;
|
||||
}
|
||||
if (act == Wrapper::PUNCTURE) {
|
||||
perm = DenyAccess;
|
||||
return false;
|
||||
}
|
||||
|
||||
perm = DenyAccess;
|
||||
if (act == Wrapper::PUNCTURE)
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
|
||||
jsid exposedPropsId = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EXPOSEDPROPS);
|
||||
|
||||
|
|
|
@ -120,14 +120,13 @@ struct LocationPolicy : public Policy {
|
|||
perm = DenyAccess;
|
||||
|
||||
// Location object security is complicated enough. Don't allow punctures.
|
||||
if (act == js::Wrapper::PUNCTURE)
|
||||
return false;
|
||||
|
||||
if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
|
||||
AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
|
||||
if (act != js::Wrapper::PUNCTURE &&
|
||||
(AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
|
||||
AccessCheck::isLocationObjectSameOrigin(cx, wrapper))) {
|
||||
perm = PermitPropertyAccess;
|
||||
return true;
|
||||
}
|
||||
|
||||
JSAutoEnterCompartment ac;
|
||||
if (!ac.enter(cx, wrapper))
|
||||
return false;
|
||||
|
|
Загрузка…
Ссылка в новой задаче