Closed Bug 1917352 Opened 1 year ago Closed 11 months ago

[wpt-sync] Sync PR 48026 - Ensure TreeWalker operations return Node in its own context, not the receiver's

Categories

(Core :: DOM: Core & HTML, task, P4)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
132 Branch
Tracking Flags:
Tracking Status
firefox132 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 48026 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/48026
Details from upstream follow.

Nate Chapin <japhet@chromium.org> wrote:

Ensure TreeWalker operations return Node in its own context, not the receiver's

Normally, when Nodes are accessible across frames, we apply the
extended attribute [CheckSecurity=ReturnValue] in the IDL. The
generated bindings then perform the necessary security checks and
wrap the Node in its own context, not the receiver context.

TreeWalker is different. The root node is already known to be
accessible (otherwise it couldn't be passed to the constructor), and
therefore any Node returned by TreeWalker must be accessible, since
TreeWalker doesn't walk across frame boundaries. However, the
TreeWalker and the Node are not required to be from the same
context (I don't know why, it's an old API, this seems like the
kind of design flaw we would catch in a modern API). So TreeWalker
is in a weird middle ground: it doesn't need security checks, but
it does need to wrap any Nodes it returns in the Node's context,
not the TreeWalker's context.

This CL adds a new extended attribute, [NodeWrapInOwnContext], for
TreeWalker (and related APIs, NodeIterator and NodeFilter). When
the extended attribute is present, the Node will be wrapped for use
in V8 with the Node's v8::Context, not the TreeWalker's v8::Context.

Fixed: 324929076
Change-Id: I1359483a9b89f7fcc4d1d522a203e357f2136734
Reviewed-on: https://chromium-review.googlesource.com/5331177
WPT-Export-Revision: d124dd0e0383ed936225bb14f4a3f57c95cb36ec

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 2 subtests

Status Summary

Firefox

OK : 1
PASS: 2

Chrome

OK : 1
FAIL: 2

Safari

OK : 1
FAIL: 2

Links

GitHub PR Head
GitHub PR Base

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/498b598de86a [wpt PR 48026] - Ensure TreeWalker operations return Node in its own context, not the receiver's, a=testonly

https://hg.mozilla.org/mozilla-central/rev/498b598de86a

Status: NEW → RESOLVED
Closed: 11 months ago
status-firefox132: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
You need to log in before you can comment on or make changes to this bug.