Tim van der Lippe b38bf3e606 Avoid crash when non-trusted-script object is passed into Function constructor (#39451) ...

It is possible to pass in objects that are not trusted scripts into the
Function constructor. Rather than crashing, we now treat these as
untrusted. `can_compile_string_with_trusted_type` doesn't need to know
the contents of a string, as it always marks it as untrusted.

We can make the same optimization in the string case, where we no longer
need to convert the string.

Testing: This change adds a WPT crash test.
Fixes #39436

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

2025-09-26 18:33:56 +00:00

..

docs

doc: fix broken link to UnrootedMustRoot plugin (#36198)

2025-03-28 10:23:41 +00:00

dom

Move Request constructor to impl (#39490)

2025-09-25 19:30:58 +00:00

layout_dom

layout: Ensure IFC for abspos with inline-level original display (#39041)

2025-09-02 03:43:55 +00:00

resources

tidy: Add a rule ensuring that // comments are followed by a space in Rust (#38698)

2025-08-18 12:09:09 +00:00

xpath

script: Remove dead code in xpath implementation (#39454)

2025-09-23 21:58:17 +00:00

animation_timeline.rs

script: Limit public exports. (#34915)

2025-01-10 08:19:19 +00:00

animations.rs

script: Integrate animated image updates into ScriptThread event loop (#38941)

2025-08-26 17:24:12 +00:00

body.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

build.rs

script: copy include! files from script_bindings to script's OUT_DIR (#36384)

2025-04-08 19:22:24 +00:00

Cargo.toml

Cargo.toml cleanup (#39403)

2025-09-20 03:09:37 +00:00

clipboard_provider.rs

Add direct script to embedder channel (#39039)

2025-09-02 06:33:44 +00:00

conversions.rs

suppress build warnings when disabling webgpu and webxr (#35379)

2025-02-08 08:16:21 +00:00

devtools.rs

script: Move HTML DOM interfaces to script/dom/html/ (#39046)

2025-08-31 01:00:09 +00:00

document_collection.rs

Replace Hash Algorithm in HashMap/Set with FxHashMap/Set for simple types (#39166)

2025-09-09 08:33:46 +00:00

document_loader.rs

net: Remove CoreResourceThread from FetchThread state (#38422)

2025-08-13 17:40:10 +00:00

drag_data_store.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

fetch.rs

Abort fetch controller when signal is aborted (#39374)

2025-09-21 12:33:03 +00:00

iframe_collection.rs

Removed FnvHash and transformed the rest to FxHashmap (#39233)

2025-09-10 13:34:54 +00:00

image_animation.rs

Switch the majority of fxhash uses to rustc_hash which is maintained (#39168)

2025-09-06 05:19:47 +00:00

indexed_db.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

init.rs

Make generated bindings generic over DOM types (#35169)

2025-01-25 05:08:49 +00:00

layout_image.rs

Return correct source position for element CSP violations (#37970)

2025-07-11 08:42:51 +00:00

lib.rs

Combine some access to the thread local variable for script thread. (#38752)

2025-09-11 09:40:32 +00:00

links.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

messaging.rs

script: Chain up keyboard scrolling to parent <iframe>s (#39469)

2025-09-25 11:16:41 +00:00

microtask.rs

Combine some access to the thread local variable for script thread. (#38752)

2025-09-11 09:40:32 +00:00

mime.rs

build(deps): bump data-url from 0.3.1 to 0.3.2 (#38862)

2025-08-27 03:22:13 +00:00

navigation.rs

constellation: Pass system theme to new Pipelines (#37132)

2025-05-26 12:05:38 +00:00

network_listener.rs

Propagate CanGc arguments through callers in constructors (#35541)

2025-02-20 16:17:45 +00:00

realms.rs

Move generated bindings to script_bindings (#36323)

2025-04-04 06:45:08 +00:00

routed_promise.rs

script: add TaskSource argument to route_promise (#36831)

2025-05-04 17:05:27 +00:00

script_module.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

script_mutation_observers.rs

Move signals_slots to ScriptMutationObservers (#39275)

2025-09-12 18:43:59 +00:00

script_runtime.rs

Avoid crash when non-trusted-script object is passed into Function constructor (#39451)

2025-09-26 18:33:56 +00:00

script_thread.rs

script: Chain up keyboard scrolling to parent <iframe>s (#39469)

2025-09-25 11:16:41 +00:00

security_manager.rs

Inherit CSP for blob workers (#38033)

2025-07-17 08:14:20 +00:00

serviceworker_manager.rs

script: Migrate swmanager to GenericChannel (#39076)

2025-09-01 19:23:16 +00:00

stylesheet_loader.rs

script: Move HTML DOM interfaces to script/dom/html/ (#39046)

2025-08-31 01:00:09 +00:00

stylesheet_set.rs

script: Limit public exports. (#34915)

2025-01-10 08:19:19 +00:00

task_manager.rs

script: Enable crypto task source at task manager (#39453)

2025-09-24 16:21:03 +00:00

task_queue.rs

Replace Hash Algorithm in HashMap/Set with FxHashMap/Set for simple types (#39166)

2025-09-09 08:33:46 +00:00

task_source.rs

script: Enable crypto task source at task manager (#39453)

2025-09-24 16:21:03 +00:00

task.rs

script: Measure heap usage of various ignored fields (#38791)

2025-08-20 08:43:58 +00:00

test.rs

script: Move HTML DOM interfaces to script/dom/html/ (#39046)

2025-08-31 01:00:09 +00:00

textinput.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

timers.rs

Script: Change the rest of script to not rely on Deref<str> for DOMString (#39481)

2025-09-25 12:27:42 +00:00

unminify.rs

Update rustfmt to the 2024 style edition (#35764)

2025-03-03 11:26:53 +00:00

webdriver_handlers.rs

storage: Move shared functionality to base (#39419)

2025-09-22 13:59:36 +00:00

window_named_properties.rs

script: Move operations in window_named_properties::get_own_property_descriptor & webdriver_handlers::clone_an_object into unsafe blocks (#38951)

2025-08-26 21:48:25 +00:00