Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3623)

Unified Diff: chrome/renderer/resources/event_bindings.js

Issue 2387002: Prevent extensions from clobbering JSON implementation that extension calls use (Closed) Base URL: http://src.chromium.org/git/chromium.git
Patch Set: arv cr changes Created 10 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/renderer/resources/extension_process_bindings.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/resources/event_bindings.js
diff --git a/chrome/renderer/resources/event_bindings.js b/chrome/renderer/resources/event_bindings.js
index aaea01c13c62ac3d406c2fed404ca9c97be01697..4fa1309fc5451480fb3996f329bbed71c06da9cf 100644
--- a/chrome/renderer/resources/event_bindings.js
+++ b/chrome/renderer/resources/event_bindings.js
@@ -9,6 +9,40 @@ var chrome = chrome || {};
native function DetachEvent(eventName);
var chromeHidden = GetChromeHidden();
+
+ // Local implementation of JSON.parse & JSON.stringify that protect us
+ // from being clobbered by an extension.
+ chromeHidden.JSON = new (function() {
arv (Not doing code reviews) 2010/06/01 21:38:22 I don't really see the point for the "new (functio
+ const $Object = Object;
+ const $Array = Array;
+ const $jsonStringify = JSON.stringify;
+ const $jsonParse = JSON.parse;
+
+ this.stringify = function(thing) {
+ var customizedObjectToJSON = $Object.prototype.toJSON;
+ var customizedArrayToJSON = $Array.prototype.toJSON;
+ if (customizedObjectToJSON !== undefined) {
+ $Object.prototype.toJSON = null;
+ }
+ if (customizedArrayToJSON !== undefined) {
+ $Array.prototype.toJSON = null;
+ }
+ try {
+ return $jsonStringify(thing);
+ } finally {
+ if (customizedObjectToJSON !== undefined) {
+ $Object.prototype.toJSON = customizedObjectToJSON;
+ }
+ if (customizedArrayToJSON !== undefined) {
+ $Array.prototype.toJSON = customizedArrayToJSON;
+ }
+ }
+ };
+
+ this.parse = function(thing) {
+ return $jsonParse(thing);
+ };
+ })();
// Event object. If opt_eventName is provided, this object represents
// the unique instance of that named event, and dispatching an event
@@ -53,7 +87,7 @@ var chrome = chrome || {};
chromeHidden.Event.dispatchJSON = function(name, args) {
if (attachedNamedEvents[name]) {
if (args) {
- args = JSON.parse(args);
+ args = chromeHidden.JSON.parse(args);
}
return attachedNamedEvents[name].dispatch.apply(
attachedNamedEvents[name], args);
« no previous file with comments | « no previous file | chrome/renderer/resources/extension_process_bindings.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698