RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-13 15:07:34 +00:00
Code Issues Activity Actions

LibWeb: Don't crash when accessing property in detached Window object

Browse source 
After removing an iframe from the DOM, its contentWindow will be
detached from its browsing context, per spec.

Because the contentWindow is still accessible, we cannot assume that
Window objects always have an associated browsing context.

This needs to be fixed in the spec, but let's add a sensible null check
in the meantime.
This commit is contained in:
Andreas Kling 2024-03-11 09:35:35 +01:00
parent 2e0297d703
commit ad843b6e4a
5 changed files with 28 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibWeb/HTML/WindowProxy.cpp
View file

@ -158,7 +158,7 @@ JS::ThrowCompletionOr<JS::Value> WindowProxy::internal_get(JS::PropertyKey const
// 1. Let W be the value of the [[Window]] internal slot of this.
// 2. Check if an access between two browsing contexts should be reported, given the current global object's browsing context, W's browsing context, P, and the current settings object.
check_if_access_between_two_browsing_contexts_should_be_reported(*verify_cast<Window>(current_global_object()).browsing_context(), *m_window->browsing_context(), property_key, current_settings_object());
check_if_access_between_two_browsing_contexts_should_be_reported(*verify_cast<Window>(current_global_object()).browsing_context(), m_window->browsing_context(), property_key, current_settings_object());
// 3. If IsPlatformObjectSameOrigin(W) is true, then return ? OrdinaryGet(this, P, Receiver).
// NOTE: this is passed rather than W as OrdinaryGet and CrossOriginGet will invoke the [[GetOwnProperty]] internal method.
@ -178,7 +178,7 @@ JS::ThrowCompletionOr<bool> WindowProxy::internal_set(JS::PropertyKey const& pro
// 1. Let W be the value of the [[Window]] internal slot of this.
// 2. Check if an access between two browsing contexts should be reported, given the current global object's browsing context, W's browsing context, P, and the current settings object.
check_if_access_between_two_browsing_contexts_should_be_reported(*verify_cast<Window>(current_global_object()).browsing_context(), *m_window->browsing_context(), property_key, current_settings_object());
check_if_access_between_two_browsing_contexts_should_be_reported(*verify_cast<Window>(current_global_object()).browsing_context(), m_window->browsing_context(), property_key, current_settings_object());
// 3. If IsPlatformObjectSameOrigin(W) is true, then:
if (is_platform_object_same_origin(*m_window)) {