script/layout_dom/mod.rs
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
4
5//! A safe wrapper for DOM nodes that prevents layout from mutating the DOM, from letting DOM nodes
6//! escape, and from generally doing anything that it isn't supposed to. This is accomplished via
7//! a simple whitelist of allowed operations, along with some lifetime magic to prevent nodes from
8//! escaping.
9//!
10//! As a security wrapper is only as good as its whitelist, be careful when adding operations to
11//! this list. The cardinal rules are:
12//!
13//! 1. Layout is not allowed to mutate the DOM.
14//!
15//! 2. Layout is not allowed to see anything with `LayoutDom` in the name, because it could hang
16//! onto these objects and cause use-after-free.
17//!
18//! When implementing wrapper functions, be careful that you do not touch the borrow flags, or you
19//! will race and cause spurious thread failure. (Note that I do not believe these races are
20//! exploitable, but they'll result in brokenness nonetheless.)
21
22#![allow(unsafe_code)]
23
24mod document;
25mod element;
26mod node;
27mod shadow_root;
28
29pub use document::*;
30pub use element::*;
31pub use node::*;
32pub use shadow_root::*;