Bug 719841 - Do not innerize an object assigned to __proto__. r=mrbkap

Jason Orendorff 2012-01-20 13:32:44 -08:00
parent a1e57b0db2
commit 6d6181b2a7


@ -188,26 +188,15 @@ obj_setProto(JSContext *cx, JSObject *obj, jsid id, JSBool strict, Value *vp)
}
if (!vp->isObjectOrNull())
return JS_TRUE;
return true;
JSObject *pobj = vp->toObjectOrNull();
if (pobj) {
/*
* Innerize pobj here to avoid sticking unwanted properties on the
* outer object. This ensures that any with statements only grant
* access to the inner object.
*/
OBJ_TO_INNER_OBJECT(cx, pobj);
if (!pobj)
return JS_FALSE;
}
uintN attrs;
id = ATOM_TO_JSID(cx->runtime->atomState.protoAtom);
if (!CheckAccess(cx, obj, id, JSAccessMode(JSACC_PROTO|JSACC_WRITE), vp, &attrs))
return JS_FALSE;
return false;
return SetProto(cx, obj, pobj, JS_TRUE);
return SetProto(cx, obj, pobj, true);
}
#else /* !JS_HAS_OBJ_PROTO_PROP */
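Review bot: In the new body of obj_setProto, `pobj` goes from `vp->toObjectOrNull()` to `SetProto` with nothing explaining why it is no longer innerized, and the deleted block held the only comment on the outer/inner-object concern (keeping `with` statements limited to the inner object). A short comment above the `JSObject *pobj` line would keep that context, e.g. `/* Deliberately not innerized: an outer object assigned to __proto__ is stored as given (bug 719841). */`. Whether SetProto or the property-lookup path now enforces the restriction the old comment described is not visible in this hunk, so the comment should name where that guarantee lives once it is confirmed. The function starts above this hunk, and no regression test for an outer object on a prototype chain appears on this page.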