Diffstat (limited to 'WebCore')
-rwxr-xr-xWebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp4
-rw-r--r--WebCore/css/CSSPrimitiveValue.cpp11
-rw-r--r--WebCore/loader/DocumentThreadableLoader.cpp1
3 files changed, 9 insertions, 7 deletions
diff --git a/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp b/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp
index 58f810b..1959454 100755
--- a/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp
+++ b/WebCore/bindings/v8/custom/V8WebKitPointConstructor.cpp
@@ -43,6 +43,10 @@ namespace WebCore {
v8::Handle<v8::Value> V8WebKitPoint::constructorCallback(const v8::Arguments& args)
{
INC_STATS("DOM.WebKitPoint.Constructor");
+
+ if (!args.IsConstructCall())
+ return throwError("DOM object constructor cannot be called as a function.");
+
float x = 0;
float y = 0;
if (args.Length() > 1) {
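Review bot: The new `IsConstructCall()` guard in `constructorCallback` has no comment saying why a plain function call must be rejected, and the reason is security-relevant. When the callback runs without `new`, the receiver is not a freshly allocated wrapper, so later code that attaches the native point to it would be working on an object of the wrong kind; the rest of the body is outside this hunk, so this is inferred. I would add above the check: `// Reject calls without 'new': the receiver is then not a freshly created wrapper object.` It is also worth confirming that the other custom constructor callbacks in the V8 bindings carry the same guard.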
diff --git a/WebCore/css/CSSPrimitiveValue.cpp b/WebCore/css/CSSPrimitiveValue.cpp
index 1f2c9ca..012aa56 100644
--- a/WebCore/css/CSSPrimitiveValue.cpp
+++ b/WebCore/css/CSSPrimitiveValue.cpp
@@ -477,9 +477,8 @@ void CSSPrimitiveValue::setFloatValue(unsigned short unitType, double floatValue
{
ec = 0;
- // FIXME: check if property supports this type
- if (m_type > CSS_DIMENSION) {
- ec = SYNTAX_ERR;
+ if (m_type < CSS_NUMBER || m_type > CSS_DIMENSION || unitType < CSS_NUMBER || unitType > CSS_DIMENSION) {
+ ec = INVALID_ACCESS_ERR;
return;
}
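Review bot: The removed `// FIXME: check if property supports this type` in `setFloatValue` is still open. The new condition only checks that `m_type` and `unitType` lie between `CSS_NUMBER` and `CSS_DIMENSION`, not whether the owning property accepts that unit, so I would keep the FIXME above the new `if`. The range test also depends on the unit constants being contiguous and ordered, and the same holds for the `CSS_STRING`..`CSS_ATTR` test in the `setStringValue` hunk. A short comment such as `// Relies on the float unit types being contiguous in the unit-type enum.` would guard against a later reordering. Both function bodies continue outside their hunks.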
@@ -568,10 +567,8 @@ void CSSPrimitiveValue::setStringValue(unsigned short stringType, const String&
{
ec = 0;
- //if(m_type < CSS_STRING) throw DOMException(INVALID_ACCESS_ERR);
- //if(m_type > CSS_ATTR) throw DOMException(INVALID_ACCESS_ERR);
- if (m_type < CSS_STRING || m_type > CSS_ATTR) {
- ec = SYNTAX_ERR;
+ if (m_type < CSS_STRING || m_type > CSS_ATTR || stringType < CSS_STRING || stringType > CSS_ATTR) {
+ ec = INVALID_ACCESS_ERR;
return;
}
diff --git a/WebCore/loader/DocumentThreadableLoader.cpp b/WebCore/loader/DocumentThreadableLoader.cpp
index de0a0b0..d0f6c04 100644
--- a/WebCore/loader/DocumentThreadableLoader.cpp
+++ b/WebCore/loader/DocumentThreadableLoader.cpp
@@ -287,6 +287,7 @@ void DocumentThreadableLoader::preflightSuccess()
void DocumentThreadableLoader::preflightFailure()
{
+ m_actualRequest = 0; // Prevent didFinishLoading() from bypassing access check.
m_client->didFail(ResourceError());
}
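Review bot: Clearing `m_actualRequest` in `preflightFailure()` protects only the failures that reach this function. The access check itself sits in `didFinishLoading()`, which is not part of this hunk. If a preflight can end by another route that is not visible here (cancellation or an error delivered through a different callback), the request would stay set and the same bypass could remain, so those paths should be checked. I would also document the invariant on the member declaration, for example `// Non-null only while a preflight is pending and has not failed.`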