Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(32)

Issue 1231803002: extension: Checks the security token of the V8 context at GetModuleSystem(). (Closed)

Created:
4 years, 3 months ago by Yuki
Modified:
4 years, 3 months ago
CC:
chromium-apps-reviews_chromium.org, chromium-reviews, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

When GetModuleSystem(arg) is called, we're using |arg|'s creation context, and it may violate the access over cross domain. Fix GetModuleSystem so it checks the security token between the given context and the current context. If they differ, returns |undefined|. BUG=504011

Patch Set 1 #

Patch Set 2 : #

Patch Set 3 : Added a comment. #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+5 lines, -3 lines) Patch
M extensions/renderer/v8_context_native_handler.h View 1 chunk +0 lines, -1 line 0 comments Download
M extensions/renderer/v8_context_native_handler.cc View 1 2 3 chunks +5 lines, -2 lines 1 comment Download

Messages

Total messages: 6 (2 generated)
Yuki
Could you guys review this CL? kalman@, could you review as an owner? I'm not ...
4 years, 3 months ago (2015-07-09 09:21:58 UTC) #2
not at google - send to devlin
lg, but can you add a regression test for it? It can go in extension_bindings_apitest.cc, ...
4 years, 3 months ago (2015-07-09 16:22:19 UTC) #3
Yuki
On 2015/07/09 16:22:19, kalman wrote: > lg, but can you add a regression test for ...
4 years, 3 months ago (2015-07-10 05:48:39 UTC) #4
jochen (gone - plz use gerrit)
4 years, 3 months ago (2015-07-13 12:01:17 UTC) #6
https://codereview.chromium.org/1231803002/diff/40001/extensions/renderer/v8_...
File extensions/renderer/v8_context_native_handler.cc (right):

https://codereview.chromium.org/1231803002/diff/40001/extensions/renderer/v8_...
extensions/renderer/v8_context_native_handler.cc:55:
args.GetIsolate()->GetCurrentContext()->GetSecurityToken())
i'd rather not duplicate the security check logic, but use the one from
BindingSecurity

Powered by Google App Engine
This is Rietveld 408576698