Chromium Code Reviews

Unified Diff: ios/web/web_state/js/resources/message.js

Issue 1973683002: [ios] Protect JS messaging system from window.webkit object overriding. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated comments Created 4 years, 7 months ago
Index: ios/web/web_state/js/resources/message.js
diff --git a/ios/web/web_state/js/resources/message.js b/ios/web/web_state/js/resources/message.js
index e57133a79efc648d99a59fdf21ac548c5d3da7df..1525e7d224605b8c5445ab71c4f42f90bd8139c1 100644
--- a/ios/web/web_state/js/resources/message.js
+++ b/ios/web/web_state/js/resources/message.js
@@ -116,8 +116,14 @@ __gCrWeb.message = {};
"crwCommand": command,
"crwWindowId": __gCrWeb.windowId
});
+ // A web page can override |window.webkit| with any value. Deleting the
+ // object ensures that original and working implementation of
+ // window.webkit is restored.
+ var oldWebkit = window.webkit;
+ delete window.webkit;
window.webkit.messageHandlers[queueObject.scheme].postMessage(
stringifiedMessage);
+ window.webkit = oldWebkit;
});
queueObject.reset();
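
Review bot: The restore `window.webkit = oldWebkit;` only runs when the `postMessage` call returns normally, so an exception thrown by `window.webkit.messageHandlers[queueObject.scheme].postMessage(` (for example when no handler is registered under `queueObject.scheme`) leaves the page's own `window.webkit` value deleted and skips the rest of the loop body. Wrapping the call in try/finally with the restore in the finally block would keep the page-visible state consistent. The result of `delete window.webkit;` is also not checked: `delete` returns false and leaves the property in place when it is non-configurable, in which case the following line still dereferences the page-supplied value, so it is worth testing the return value (or verifying the object after the delete) before posting. Minor wording point in the new comment: "ensures that original and working implementation" reads better as "ensures that the original, working implementation".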