LibWeb: Add missing check in CrossOriginGetOwnPropertyHelper
We have to check that the entry in CrossOriginProperties is the one actually requested by the caller before executing the body of the loop. This fixes a crash triggered by YouTube iframe embedding.
parent
41f7f821f6
commit
b8a097f74b
Notes:
sideshowbarker
2024-07-16 21:45:42 +09:00
Author: https://github.com/axgallo Commit: https://github.com/SerenityOS/serenity/commit/b8a097f74b Pull-request: https://github.com/SerenityOS/serenity/pull/19107 Reviewed-by: https://github.com/awesomekling
|
@ -102,8 +102,17 @@ Optional<JS::PropertyDescriptor> cross_origin_get_own_property_helper(Variant<HT
|
|||
.property_key = property_key,
|
||||
};
|
||||
|
||||
// SameValue(e.[[Property]], P) can never be true at step 2.1 if P is not a string due to the different type, so we can return early.
|
||||
if (!property_key.is_string()) {
|
||||
return {};
|
||||
}
|
||||
auto const& property_key_string = property_key.as_string();
|
||||
|
||||
// 2. For each e of CrossOriginProperties(O):
|
||||
for (auto const& entry : cross_origin_properties(object_const_variant)) {
|
||||
if (entry.property != property_key_string)
|
||||
continue;
|
||||
// 1. If SameValue(e.[[Property]], P) is true, then:
|
||||
auto& cross_origin_property_descriptor_map = object.visit([](auto* o) -> CrossOriginPropertyDescriptorMap& { return o->cross_origin_property_descriptor_map(); });
|
||||
|
||||
// 1. If the value of the [[CrossOriginPropertyDescriptorMap]] internal slot of O contains an entry whose key is crossOriginKey, then return that entry's value.
|
||||
|
|
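Review bot: The spec comment `// 1. If SameValue(e.[[Property]], P) is true, then:` now sits below the `if (entry.property != property_key_string) continue;` guard that implements it, so step 2.1 reads as if the body were unconditional; moving that comment above the guard keeps the code and the spec text aligned. The early-return comment justifies itself by "different type", but `is_string()` being false presumably also covers numeric keys, which the spec treats as strings, so the return is only correct while no CrossOriginProperties entry is a numeric name; I would say so, e.g. `// Symbols and numeric keys can never match: CrossOriginProperties entries are non-numeric string names.` (to be confirmed against `cross_origin_properties`). This comparison is what confines a cross-origin caller to the allow-listed property names, so a regression test that requests a non-listed name across origins would be worth adding if the commit does not already carry one. The function starts and ends outside the hunk, so what the loop body does after the descriptor-map lookup is not visible here.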