Issue 2449623002: Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 2449623002: Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden. (Closed)

Created:
4 years, 1 month ago by foolip

Modified:
4 years, 1 month ago

Reviewers:

CC:
chromium-reviews

Target Ref:
refs/pending/branch-heads/2883

Project:
chromium

Visibility:
Public.

Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden. It results in arbitrary code execution under ScriptForbiddenScopes. :( BUG=655904 Review-Url: https://codereview.chromium.org/2423623002 Cr-Commit-Position: refs/heads/master@{#425763} (cherry picked from commit 610b88604db99184334982ab982d758296718879) Committed: https://chromium.googlesource.com/chromium/src/+/e4aa8931b775f144de76b4ae3f335348f8e1e0ff

Created: 4 years, 1 month ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+6 lines, -0 lines)			Patch
	M	third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp	View		1 chunk	+6 lines, -0 lines	0 comments	Download

Total messages: 2 (1 generated)

foolip

4 years, 1 month ago (2016-10-24 20:52:51 UTC) #2

Message was sent while issue was closed.

Committed patchset #1 (id:1) manually as
e4aa8931b775f144de76b4ae3f335348f8e1e0ff.