js/xpconnect/crashtests/453935-1.html@129ffea94266 (annotated)
js/xpconnect/crashtests/453935-1.html
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
| michael@0 | 1 | <!DOCTYPE html> |
| michael@0 | 2 | <html> |
| michael@0 | 3 | <head> |
| michael@0 | 4 | <script type="text/javascript"> |
| michael@0 | 5 | |
| michael@0 | 6 | function boom() |
| michael@0 | 7 | { |
| michael@0 | 8 | var a = []; |
| michael@0 | 9 | a[31] = undefined; |
| michael@0 | 10 | a[40] = undefined; |
| michael@0 | 11 | a[44] = {}; |
| michael@0 | 12 | a[45] = new XMLHttpRequest(); |
| michael@0 | 13 | a[48] = new XMLHttpRequest(); |
| michael@0 | 14 | a[53] = XMLHttpRequest.prototype; |
| michael@0 | 15 | a[53].__proto__ = {}; |
| michael@0 | 16 | a[53].nodeType = 100; |
| michael@0 | 17 | search(a, 41); |
| michael@0 | 18 | } |
| michael@0 | 19 | |
| michael@0 | 20 | |
| michael@0 | 21 | function search(a, start) |
| michael@0 | 22 | { |
| michael@0 | 23 | var N = a.length; |
| michael@0 | 24 | |
| michael@0 | 25 | for (var j = start; j < N; ++j) { |
| michael@0 | 26 | var e = a[j]; |
| michael@0 | 27 | if (typeof e == "object" && "nodeType" in e && e.nodeType == 99) |
| michael@0 | 28 | return j; |
| michael@0 | 29 | } |
| michael@0 | 30 | |
| michael@0 | 31 | return null; |
| michael@0 | 32 | } |
| michael@0 | 33 | |
| michael@0 | 34 | </script> |
| michael@0 | 35 | </head> |
| michael@0 | 36 | <body onload="boom();"></body> |
| michael@0 | 37 | </html> |
