author | yvt <i@yvt.jp> | 2021-08-17 01:45:55 +0900 |
---|---|---|
committer | yvt <i@yvt.jp> | 2021-08-17 09:26:27 +0900 |
commit | c25355704d08ac68cda147ccbec270407119e2ca (patch) | |
tree | 3283e68074e9eb0c822ac2644a964a7e9feb0d20 /components/script | |
parent | 8b3a49349dd4028f95f0157951d76713551a0ad4 (diff) | |
fix(script): the condition for exposing a cross-origin setter is `CrossOriginWritable`, not `CrossOriginReadable`

The expression `crossOriginIframe.contentWindow.location.href = "new href"`
takes the following steps: (1) Get the setter for `href` by invoking
`[[GetOwnProperty]]` on `crossOriginIframe.contentWindow.location`.
(2) Call the setter, passing `crossOriginIframe.contentWindow` and
`"new href"`. Since the target `Location` is cross origin, getting the
setter succeeds only if the `CrossOriginWritable` extended attribute is
present on the `href` attribute, and it's present. However, instead of
`CrossOriginWritable`, `CrossOriginReadable` was checked mistakenly.

Since `Location#href` has `CrossOriginWritable` but not
`CrossOriginReadable`, this bug rendered `Location#href` inaccessible
from a cross-origin document.

Diffstat (limited to 'components/script')
-rw-r--r-- | components/script/dom/bindings/codegen/CodegenRust.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/components/script/dom/bindings/codegen/CodegenRust.py b/components/script/dom/bindings/codegen/CodegenRust.py index 03998017f36..e8e5bfbab4f 100644 --- a/components/script/dom/bindings/codegen/CodegenRust.py +++ b/components/script/dom/bindings/codegen/CodegenRust.py @@ -1936,7 +1936,7 @@ class AttrDefiner(PropertyDefiner): def setter(attr): attr = attr['attr'] - if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginReadable")) + if ((self.crossorigin and not attr.getExtendedAttribute("CrossOriginWritable")) or (attr.readonly and not attr.getExtendedAttribute("PutForwards") and not attr.getExtendedAttribute("Replaceable"))): |
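
Review bot: the cross-origin branch of the condition in `setter(attr)` (class `AttrDefiner`) has no regression test in the part of the change shown here (the diffstat is limited to `components/script`), and the old mistake had two sides that each deserve one. The removed check `not attr.getExtendedAttribute("CrossOriginReadable")` suppressed the setter of an attribute that is writable but not readable cross-origin, which is the `Location#href` case the commit message describes; by the same logic it would have emitted a cross-origin setter for any attribute that passes the `readonly` clause and carries only `CrossOriginReadable`. Suggest a test asserting that assigning `location.href` on a cross-origin window succeeds and that an attribute marked only `CrossOriginReadable` gets no setter on the cross-origin object, plus a one-line comment above the condition stating that setter exposure keys on `CrossOriginWritable`, so the two attribute names are not swapped again.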