wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 532469 - Don't allow deleting arbitrary properties. r=jst

Browse Source
This commit is contained in:
Blake Kaplan 2009-10-20 17:21:42 -07:00
parent a9e26d46d0
commit b7cbf88c7e
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
js/src/xpconnect/src/XPCChromeObjectWrapper.cpp
View File

@ -540,6 +540,17 @@ XPC_COW_DelProperty(JSContext *cx, JSObject *obj, jsval id, jsval *vp)
return ThrowException(NS_ERROR_FAILURE, cx);
}
JSBool canTouch;
jsid interned_id;
if (!JS_ValueToId(cx, id, &interned_id) ||
!CanTouchProperty(cx, obj, interned_id, JS_TRUE, &canTouch)) {
return JS_FALSE;
}
if (!canTouch) {
return ThrowException(NS_ERROR_XPC_SECURITY_MANAGER_VETO, cx);
}
// Deleting a property is safe.
return XPCWrapper::DelProperty(cx, wrappedObj, id, vp);
}

2
js/src/xpconnect/tests/mochitest/test_cows.html
View File

@ -117,7 +117,7 @@ function COWTests() {
try {
delete getCOW(readable).foo;
todo(false, "deleting a read-only exposed prop shouldn't work");
ok(false, "deleting a read-only exposed prop shouldn't work");
} catch (e) {
ok(/SECURITY_MANAGER/.test(e),
"deleting a read-only exposed prop should throw error");