Issue 213693005: [Android] Block access to java.lang.Object.getClass in injected Java objects

Issue 213693005: [Android] Block access to java.lang.Object.getClass in injected Java objects (Closed)

Created:
6 years, 8 months ago by mnaganov (inactive)

Modified:
6 years, 8 months ago

Reviewers:
palmer, benm (inactive)

CC:
chromium-reviews, darin-cc_chromium.org, jam

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

[Android] Block access to java.lang.Object.getClass in injected Java objects Throws a java.lang.SecurityException on Browser UI thread when an attempt is made to execute java.lang.Object.getClass from JavaScript code via an injected Java object. BUG=359528 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=261801

Patch Set 1 #

Total comments: 2

Patch Set 2 : Fixed tests #

Created: 6 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+118 lines, -15 lines)			Patch
M	content/browser/renderer_host/java/java_bound_object.h	View		2 chunks	+3 lines, -0 lines	0 comments	Download
M	content/browser/renderer_host/java/java_bound_object.cc	View		8 chunks	+34 lines, -7 lines	0 comments	Download
M	content/public/android/javatests/src/org/chromium/content/browser/JavaBridgeBasicsTest.java	View	1	6 chunks	+81 lines, -8 lines	0 comments	Download

Messages

Total messages: 13 (0 generated)

Expand Messages | Collapse Messages

benm (inactive)

On 2014/04/03 20:20:42, benm wrote: > LGTM. > > +palmer for a look too. My ...

6 years, 8 months ago (2014-04-03 20:23:00 UTC) #3

palmer

LGTM, but see comments in the bug. https://chromiumcodereview.appspot.com/213693005/diff/1/content/browser/renderer_host/java/java_bound_object.cc File content/browser/renderer_host/java/java_bound_object.cc (right): https://chromiumcodereview.appspot.com/213693005/diff/1/content/browser/renderer_host/java/java_bound_object.cc#newcode52 content/browser/renderer_host/java/java_bound_object.cc:52: "Access to ...

6 years, 8 months ago (2014-04-03 21:53:58 UTC) #4

mnaganov (inactive)

Thanks, all! I've fixed the tests, sorry for not having this done in the first ...

6 years, 8 months ago (2014-04-04 10:16:49 UTC) #5

mnaganov (inactive)

The CQ bit was checked by mnaganov@chromium.org

6 years, 8 months ago (2014-04-04 10:18:13 UTC) #6