Descriptionbindings: Stop using the given creationContext in public APIs.
The creation context passed through the public APIs may be unsafe
and faked by user script. The callers of the APIs often do not
check if the context is safe and valid or not. Plus, there shouldn't
be a case that a caller needs to handle cross-origin cases, so let us
always use the current context instead of the creation context given
through the callers, which are not reliable.
BUG=497507
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=196755
Patch Set 1 #
Messages
Total messages: 6 (2 generated)
|