Sanitize inheritance in callers of utils.expose

extensions/renderer/resources/messaging.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // chrome.runtime.messaging API implementation.
+// TODO(robwu): Fix this indentation.
 
   // TODO(kalman): factor requiring chrome out of here.
   var chrome = requireNative('chrome').GetChrome();
   var Event = require('event_bindings').Event;
   var lastError = require('lastError');
   var logActivity = requireNative('activityLogger');
   var logging = requireNative('logging');
   var messagingNatives = requireNative('messaging_natives');
   var processNatives = requireNative('process');
   var utils = require('utils');
   var messagingUtils = require('messaging_utils');
 
   // The reserved channel name for the sendRequest/send(Native)Message APIs.
   // Note: sendRequest is deprecated.
   var kRequestChannel = "chrome.extension.sendRequest";
   var kMessageChannel = "chrome.runtime.sendMessage";
   var kNativeMessageChannel = "chrome.runtime.sendNativeMessage";
 
   // Map of port IDs to port object.
-  var ports = {};
+  var ports = {__proto__:null};
 
   // Change even to odd and vice versa, to get the other side of a given
   // channel.
   function getOppositePortId(portId) { return portId ^ 1; }
 
   // Port object.  Represents a connection to another script context through
   // which messages can be passed.
   function PortImpl(portId, opt_name) {
     this.portId_ = portId;
     this.name = opt_name;
 
-    var portSchema = {name: 'port', $ref: 'runtime.Port'};
-    var options = {unmanaged: true};
+    // Note: Keep these schemas in sync with the documentation in runtime.json
+    var portSchema = {
+      __proto__: null,
+      name: 'port',
+      $ref: 'runtime.Port',
+    };
+    var messageSchema = {
+      __proto__: null,
+      name: 'message',
+      type: 'any',
+      optional: true,
+    };
+    var options = {
+      __proto__: null,
+      unmanaged: true,
+    };
     this.onDisconnect = new Event(null, [portSchema], options);
-    this.onMessage = new Event(
-        null,
-        [{name: 'message', type: 'any', optional: true}, portSchema],
-        options);
+    this.onMessage = new Event(null, [messageSchema, portSchema], options);
     this.onDestroy_ = null;
   }
+  $Object.setPrototypeOf(PortImpl, null);
+  $Object.setPrototypeOf(PortImpl.prototype, null);
 
   // Sends a message asynchronously to the context on the other end of this
   // port.
   PortImpl.prototype.postMessage = function(msg) {
     // JSON.stringify doesn't support a root object which is undefined.
     if (msg === undefined)
       msg = null;
     msg = $JSON.stringify(msg);
     if (msg === undefined) {
       // JSON.stringify can fail with unserializable objects. Log an error and
       // drop the message.
       //
       // TODO(kalman/mpcomplete): it would be better to do the same validation
       // here that we do for runtime.sendMessage (and variants), i.e. throw an
       // schema validation Error, but just maintain the old behaviour until
       // there's a good reason not to (http://crbug.com/263077).
       console.error('Illegal argument to Port.postMessage');
       return;
     }
     messagingNatives.PostMessage(this.portId_, msg);
   };
 
   // Disconnects the port from the other end.
   PortImpl.prototype.disconnect = function() {
     messagingNatives.CloseChannel(this.portId_, true);
     this.destroy_();
   };
 
   PortImpl.prototype.destroy_ = function() {
-    if (this.onDestroy_)
+    if (this.onDestroy_) {
       this.onDestroy_();
+      this.onDestroy_ = null;
+    }
     privates(this.onDisconnect).impl.destroy_();
     privates(this.onMessage).impl.destroy_();
     // TODO(robwu): Remove port lifetime management because it is completely
     // handled in the browser. The renderer's only roles are
     // 1) rejecting ports so that the browser knows that the renderer is not
     //    interested in the port (this is merely an optimization)
     // 2) acknowledging port creations, so that the browser knows that the port
     //    was successfully created (from the perspective of the extension), but
     //    then closed for some non-fatal reason.
     // 3) notifying the browser of explicit port closure via .disconnect().
@@ skipping 20 matching lines @@
     messagingNatives.PortAddRef(portId);
     return port;
   };
 
   // Helper function for dispatchOnRequest.
   function handleSendRequestError(isSendMessage,
                                   responseCallbackPreserved,
                                   sourceExtensionId,
                                   targetExtensionId,
                                   sourceUrl) {
-    var errorMsg = [];
-    var eventName = isSendMessage ? "runtime.onMessage" : "extension.onRequest";
+    var errorMsg;
+    var eventName = isSendMessage ? 'runtime.onMessage' : 'extension.onRequest';
     if (isSendMessage && !responseCallbackPreserved) {
-      $Array.push(errorMsg,
-          "The chrome." + eventName + " listener must return true if you " +
-          "want to send a response after the listener returns");
+      errorMsg =
+        'The chrome.' + eventName + ' listener must return true if you ' +
+        'want to send a response after the listener returns';
     } else {
-      $Array.push(errorMsg,
-          "Cannot send a response more than once per chrome." + eventName +
-          " listener per document");
+      errorMsg =
+        'Cannot send a response more than once per chrome.' + eventName +
+        ' listener per document';
     }
-    $Array.push(errorMsg, "(message was sent by extension" + sourceExtensionId);
-    if (sourceExtensionId != "" && sourceExtensionId != targetExtensionId)
-      $Array.push(errorMsg, "for extension " + targetExtensionId);
-    if (sourceUrl != "")
-      $Array.push(errorMsg, "for URL " + sourceUrl);
-    lastError.set(eventName, errorMsg.join(" ") + ").", null, chrome);
+    errorMsg += ' (message was sent by extension' + sourceExtensionId;
+    if (sourceExtensionId && sourceExtensionId !== targetExtensionId)
+      errorMsg += ' for extension ' + targetExtensionId;
+    if (sourceUrl)
+      errorMsg += ' for URL ' + sourceUrl;
+    errorMsg += ').';
+    lastError.set(eventName, errorMsg, null, chrome);
   }
 
   // Helper function for dispatchOnConnect
   function dispatchOnRequest(portId, channelName, sender,
                              sourceExtensionId, targetExtensionId, sourceUrl,
                              isExternal) {
     var isSendMessage = channelName == kMessageChannel;
     var requestEvent = null;
     if (isSendMessage) {
       if (chrome.runtime) {
@@ skipping 277 matching lines @@
 exports.$set('Port', Port);
 exports.$set('createPort', createPort);
 exports.$set('sendMessageImpl', sendMessageImpl);
 exports.$set('sendMessageUpdateArguments', sendMessageUpdateArguments);
 
 // For C++ code to call.
 exports.$set('hasPort', hasPort);
 exports.$set('dispatchOnConnect', dispatchOnConnect);
 exports.$set('dispatchOnDisconnect', dispatchOnDisconnect);
 exports.$set('dispatchOnMessage', dispatchOnMessage);