LibWeb: Add missing check in CrossOriginGetOwnPropertyHelper

We have to check that the entry in CrossOriginProperties is the one
actually requested from the caller before executing the body of the
loop. This fixes a crash triggered by YouTube iframe embedding.
Andi Gallo 2023-05-28 12:21:28 +00:00 committed by Andreas Kling
parent 41f7f821f6
commit b8a097f74b
Notes: sideshowbarker 2024-07-16 21:45:42 +09:00

@ -102,8 +102,17 @@ Optional<JS::PropertyDescriptor> cross_origin_get_own_property_helper(Variant<HT
.property_key = property_key,
};
// SameValue(e.[[Property]], P) can never be true at step 2.1 if P is not a string due to the different type, so we can return early.
if (!property_key.is_string()) {
return {};
}
auto const& property_key_string = property_key.as_string();
// 2. For each e of CrossOriginProperties(O):
for (auto const& entry : cross_origin_properties(object_const_variant)) {
if (entry.property != property_key_string)
continue;
// 1. If SameValue(e.[[Property]], P) is true, then:
auto& cross_origin_property_descriptor_map = object.visit([](auto* o) -> CrossOriginPropertyDescriptorMap& { return o->cross_origin_property_descriptor_map(); });
// 1. If the value of the [[CrossOriginPropertyDescriptorMap]] internal slot of O contains an entry whose key is crossOriginKey, then return that entry's value.
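Review bot: The new `if (entry.property != property_key_string) continue;` guard is the implementation of spec step 2.1, yet it sits above the `// 1. If SameValue(e.[[Property]], P) is true, then:` comment, so that comment now annotates the descriptor-map lookup instead of the comparison. Move the step comment directly above the guard so each spec step stays next to the code that implements it. The early return on `!property_key.is_string()` is not a spec step, and its comment refers to "step 2.1" before step 2 has been introduced; marking it as a non-spec shortcut (for example with the project's usual ad-hoc annotation, if it has one) would make that clearer. The commit message says this fixes a crash from YouTube iframe embedding, but this hunk carries no regression test; a small cross-origin iframe test that reads a property not listed in CrossOriginProperties would keep the guard from being dropped later.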