зеркало из https://github.com/mozilla/gecko-dev.git
Bug 751858 - Actually throw when we deny access. r=bholley
This commit is contained in:
Родитель
d8228451d4
Коммит
6629d14a06
|
@ -455,12 +455,10 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||||
perm = PermitObjectAccess;
|
perm = PermitObjectAccess;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if (act == Wrapper::PUNCTURE) {
|
|
||||||
perm = DenyAccess;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
perm = DenyAccess;
|
perm = DenyAccess;
|
||||||
|
if (act == Wrapper::PUNCTURE)
|
||||||
|
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||||
|
|
||||||
jsid exposedPropsId = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EXPOSEDPROPS);
|
jsid exposedPropsId = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EXPOSEDPROPS);
|
||||||
|
|
||||||
|
|
|
@ -120,14 +120,13 @@ struct LocationPolicy : public Policy {
|
||||||
perm = DenyAccess;
|
perm = DenyAccess;
|
||||||
|
|
||||||
// Location object security is complicated enough. Don't allow punctures.
|
// Location object security is complicated enough. Don't allow punctures.
|
||||||
if (act == js::Wrapper::PUNCTURE)
|
if (act != js::Wrapper::PUNCTURE &&
|
||||||
return false;
|
(AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
|
||||||
|
AccessCheck::isLocationObjectSameOrigin(cx, wrapper))) {
|
||||||
if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
|
|
||||||
AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
|
|
||||||
perm = PermitPropertyAccess;
|
perm = PermitPropertyAccess;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
JSAutoEnterCompartment ac;
|
JSAutoEnterCompartment ac;
|
||||||
if (!ac.enter(cx, wrapper))
|
if (!ac.enter(cx, wrapper))
|
||||||
return false;
|
return false;
|
||||||
|
|
Загрузка…
Ссылка в новой задаче