Issue 1973683002: [ios] Protect JS messaging system from window.webkit object overriding.

Issue 1973683002: [ios] Protect JS messaging system from window.webkit object overriding. (Closed)

Created:
4 years, 7 months ago by Eugene But (OOO till 7-30)

Modified:
4 years, 7 months ago

Reviewers:
Jackie Quinn

CC:
chromium-reviews

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

[ios] Protect JS messaging system from overriding window.webkit object. Any webpage can override window.webkit object (intentionally or by accident). Since window.webkit is used for JS->Native messaging it should be protected from overriding. Before sending a message, delete |window.webkit| to restore the original implementation. BUG=611023 Committed: https://crrev.com/3eccc98ae84d9f47151d329b13fe2527f3f649ae Cr-Commit-Position: refs/heads/master@{#393351}

Patch Set 1 #

Patch Set 2 : Self review #

Total comments: 4

Patch Set 3 : Delete |window.webkit| to restore the original object #

Patch Set 4 : Retain and restore the old implementation #

Total comments: 2

Patch Set 5 : Updated comments #

Created: 4 years, 7 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+32 lines, -0 lines)			Patch
	M	ios/web/web_state/js/resources/message.js	View	1 2 3 4	1 chunk	+6 lines, -0 lines	0 comments	Download
	M	ios/web/web_state/web_state_impl_unittest.mm	View	1 2	1 chunk	+26 lines, -0 lines	0 comments	Download

Messages

Total messages: 14 (6 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Jackie Quinn

https://codereview.chromium.org/1973683002/diff/20001/ios/web/web_state/js/resources/message.js File ios/web/web_state/js/resources/message.js (right): https://codereview.chromium.org/1973683002/diff/20001/ios/web/web_state/js/resources/message.js#newcode19 ios/web/web_state/js/resources/message.js:19: // Retain message handlers object in case if a ...

4 years, 7 months ago (2016-05-11 22:05:01 UTC) #3

Eugene But (OOO till 7-30)

PTAL https://codereview.chromium.org/1973683002/diff/20001/ios/web/web_state/js/resources/message.js File ios/web/web_state/js/resources/message.js (right): https://codereview.chromium.org/1973683002/diff/20001/ios/web/web_state/js/resources/message.js#newcode19 ios/web/web_state/js/resources/message.js:19: // Retain message handlers object in case if ...

4 years, 7 months ago (2016-05-12 13:59:15 UTC) #5

Jackie Quinn

lgtm with additional commenting request https://codereview.chromium.org/1973683002/diff/60001/ios/web/web_state/js/resources/message.js File ios/web/web_state/js/resources/message.js (right): https://codereview.chromium.org/1973683002/diff/60001/ios/web/web_state/js/resources/message.js#newcode119 ios/web/web_state/js/resources/message.js:119: // If |window.webkit| has ...

4 years, 7 months ago (2016-05-12 17:33:58 UTC) #6

Eugene But (OOO till 7-30)

Thanks! https://codereview.chromium.org/1973683002/diff/60001/ios/web/web_state/js/resources/message.js File ios/web/web_state/js/resources/message.js (right): https://codereview.chromium.org/1973683002/diff/60001/ios/web/web_state/js/resources/message.js#newcode119 ios/web/web_state/js/resources/message.js:119: // If |window.webkit| has been overridden deleting the ...

4 years, 7 months ago (2016-05-12 18:44:41 UTC) #7

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1973683002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1973683002/80001

4 years, 7 months ago (2016-05-12 19:45:57 UTC) #10

commit-bot: I haz the power

4 years, 7 months ago (2016-05-12 21:02:28 UTC) #14

Message was sent while issue was closed.

Patchset 5 (id:??) landed as
https://crrev.com/3eccc98ae84d9f47151d329b13fe2527f3f649ae
Cr-Commit-Position: refs/heads/master@{#393351}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages