mirror of
https://github.com/servo/servo
synced 2026-05-01 03:47:53 +02:00
0a0a20a9c6
Replaces some #[allow] with #[expect]. In case where the lint expectation was unfulfilled, I removed it. Testing: Refactor Part of: https://github.com/servo/servo/issues/40383 Signed-off-by: Dennis Kraus <kraus@posteo.de>
33 lines
1.3 KiB
Rust
33 lines
1.3 KiB
Rust
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
|
|
|
//! A safe wrapper for DOM nodes that prevents layout from mutating the DOM, from letting DOM nodes
|
|
//! escape, and from generally doing anything that it isn't supposed to. This is accomplished via
|
|
//! a simple whitelist of allowed operations, along with some lifetime magic to prevent nodes from
|
|
//! escaping.
|
|
//!
|
|
//! As a security wrapper is only as good as its whitelist, be careful when adding operations to
|
|
//! this list. The cardinal rules are:
|
|
//!
|
|
//! 1. Layout is not allowed to mutate the DOM.
|
|
//!
|
|
//! 2. Layout is not allowed to see anything with `LayoutDom` in the name, because it could hang
|
|
//! onto these objects and cause use-after-free.
|
|
//!
|
|
//! When implementing wrapper functions, be careful that you do not touch the borrow flags, or you
|
|
//! will race and cause spurious thread failure. (Note that I do not believe these races are
|
|
//! exploitable, but they'll result in brokenness nonetheless.)
|
|
|
|
#![expect(unsafe_code)]
|
|
|
|
mod document;
|
|
mod element;
|
|
mod node;
|
|
mod shadow_root;
|
|
|
|
pub use document::*;
|
|
pub use element::*;
|
|
pub use node::*;
|
|
pub use shadow_root::*;
|