[ios] Protect JS messaging system from window.webkit object overriding.

ios/web/web_state/js/resources/message.js

Index: ios/web/web_state/js/resources/message.js
diff --git a/ios/web/web_state/js/resources/message.js b/ios/web/web_state/js/resources/message.js
index e57133a79efc648d99a59fdf21ac548c5d3da7df..78a44102bd9554baeb23ec3c38d0b765656dbc6f 100644
--- a/ios/web/web_state/js/resources/message.js
+++ b/ios/web/web_state/js/resources/message.js
@@ -15,6 +15,12 @@ __gCrWeb.message = {};
 
 /* Beginning of anonymous object. */
 (function() {
+
+  // Retain message handlers object in case if a web page decide to override

[Jackie Quinn, 2016/05/11 22:05:01]

Grammar nit: "in case a web page overrides"

[Eugene But (OOO till 7-30), 2016/05/12 13:59:15]

Acknowledged.

+  // |window.webkit|.
+  if (window.webkit)
+    __gCrWeb.webkitMessageHandlers = window.webkit.messageHandlers;
+
   /**
    * Object to manage queue of messages waiting to be sent to the main
    * application for immediate processing.
@@ -116,8 +122,11 @@ __gCrWeb.message = {};
             "crwCommand": command,
             "crwWindowId": __gCrWeb.windowId
         });
-        window.webkit.messageHandlers[queueObject.scheme].postMessage(
-            stringifiedMessage);
+        // If |window.webkit| has been overridden, use messageHandlers object
+        // retained before the page load.
+        var messageHandlers = window.webkit.messageHandlers ||

[Jackie Quinn, 2016/05/11 22:05:01]

What happens if it gets overridden and there is a window.webkit.messageHandlers
object? Should we be using the override here, or should we always use the ivar?

[Eugene But (OOO till 7-30), 2016/05/12 13:59:15]

deleting |window.webkit| addresses all kinds of issues :)

+            __gCrWeb.webkitMessageHandlers;
+        messageHandlers[queueObject.scheme].postMessage(stringifiedMessage);
     });
     queueObject.reset();