ladybird

mirrors/ladybird

Fork 0

mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-12 12:01:52 +00:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Psychpsyo	b3487d8994	Meta: Add DOCTYPEs to most text tests	2025-03-20 11:50:49 +01:00
Andrew Kaster	5be4825504	LibWeb: Report exceptions from custom element upgrades to global object	2024-11-24 00:15:59 +00:00
Luke Wilde	48e11a1f12	LibWeb: Empty CE reaction queue instead of destroying it on exception If an exception occurs in a custom element constructor, we clear the reaction queue by destroying it, instead of emptying the Vector. `3da6916383/Userland/Libraries/LibWeb/DOM/Element.cpp (L2033)` This causes a UAF here, as async upgrades (i.e. custom elements not created by document.createElement) are performed in this loop: `3da6916383/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp (L657)` Fixes crash when loading https://github.com/SerenityOS/serenity	2024-02-29 21:58:01 -05:00

Psychpsyo

b3487d8994

Meta: Add DOCTYPEs to most text tests

2025-03-20 11:50:49 +01:00

Andrew Kaster

5be4825504

LibWeb: Report exceptions from custom element upgrades to global object

2024-11-24 00:15:59 +00:00

Luke Wilde

48e11a1f12

LibWeb: Empty CE reaction queue instead of destroying it on exception

If an exception occurs in a custom element constructor, we clear the
reaction queue by destroying it, instead of emptying the Vector.
3da6916383/Userland/Libraries/LibWeb/DOM/Element.cpp (L2033)

This causes a UAF here, as async upgrades (i.e. custom elements not
created by document.createElement) are performed in this loop:
3da6916383/Userland/Libraries/LibWeb/Bindings/MainThreadVM.cpp (L657)

Fixes crash when loading https://github.com/SerenityOS/serenity

2024-02-29 21:58:01 -05:00

3 commits