Issue 2574523004: Don't touch the prototype chain to get the private script controller.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 2574523004: Don't touch the prototype chain to get the private script controller. (Closed)

Created:
4 years ago by haraken

Modified:
4 years ago

Reviewers:

CC:
chromium-reviews

Target Ref:
refs/pending/branch-heads/2924

Project:
chromium

Visibility:
Public.

More Reviews

Description

Don't touch the prototype chain to get the private script controller. Prior to this patch, private scripts attempted to get the "privateScriptController" property off the global object without verifying if the property actually exists on the global. If the property hasn't been set yet, this operation could descend into the prototype chain and potentially return a named property from the WindowProperties object, leading to release asserts and general confusion. BUG=668552 Review-Url: https://codereview.chromium.org/2529163002 Cr-Commit-Position: refs/heads/master@{#434627} (cherry picked from commit c093b7a74ddce32dd3b0e0be60f31becc6ce32f9)

Patch Set 1 #

Created: 4 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+24 lines, -7 lines)			Patch
A	third_party/WebKit/LayoutTests/fast/dom/marquee-named-property-crash.html	View	1 chunk	+15 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/fast/dom/marquee-named-property-crash-expected.txt	View	1 chunk	+2 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/bindings/core/v8/PrivateScriptRunner.cpp	View	1 chunk	+6 lines, -6 lines	0 comments	Download
M	third_party/WebKit/Source/bindings/core/v8/PrivateScriptRunner.js	View	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages

haraken

4 years ago (2016-12-14 01:46:56 UTC) #1

Message was sent while issue was closed.

Committed patchset #1 (id:1) to pending queue manually as
3e810541d47ed6852e9fefde94c494fb8677c1a8.

Expand Messages | Collapse Messages