mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-29 04:09:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Don't crash when upgrading custom element with a bad constructor

Browse source 
Previously, a crash would occur when attempting to throw an error in
this case because the method used to create the exception tried to get
the current realm from the execution context stack, which is empty. The
realm is now passed explicitly when constructing the error, avoiding
the crash.
This commit is contained in:
Tim Ledbetter 2025-01-12 17:17:21 +00:00 committed by Luke Wilde
commit 619df0bc2c
Notes: github-actions[bot] 2025-01-13 10:56:42 +00:00
3 changed files with 101 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Libraries/LibWeb/DOM/ElementFactory.cpp
View file

@ -568,8 +568,6 @@ WebIDL::ExceptionOr<GC::Ref<Element>> create_element(Document& document, FlyStri
// 1. If the synchronous custom elements flag is set, then run these steps while catching any exceptions:
if (synchronous_custom_elements_flag) {
auto synchronously_upgrade_custom_element = [&]() -> JS::ThrowCompletionOr<GC::Ref<HTML::HTMLElement>> {
auto& vm = document.vm();
// 1. Let C be definitions constructor.
auto& constructor = definition->constructor();
@ -578,7 +576,7 @@ WebIDL::ExceptionOr<GC::Ref<Element>> create_element(Document& document, FlyStri
// NOTE: IDL does not currently convert the object for us, so we will have to do it here.
if (!result.has_value() || !result->is_object() || !is<HTML::HTMLElement>(result->as_object()))
return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "HTMLElement"sv);
return JS::throw_completion(JS::TypeError::create(realm, "Custom element constructor must return an object that implements HTMLElement"_string));
GC::Ref<HTML::HTMLElement> element = verify_cast<HTML::HTMLElement>(result->as_object());