Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(230)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/renderer/resources/guest_view/guest_view.js

Issue 2712913005: Don't allow GuestView JS objects to inherit global prototype. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/renderer/resources/guest_view/guest_view_container.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/renderer/resources/guest_view/guest_view.js
diff --git a/extensions/renderer/resources/guest_view/guest_view.js b/extensions/renderer/resources/guest_view/guest_view.js
index 1f887a746b3572e23d2a7818d236c1f91422070f..939a0b18afcbb554969059aff812ff9e611beebb 100644
--- a/extensions/renderer/resources/guest_view/guest_view.js
+++ b/extensions/renderer/resources/guest_view/guest_view.js
@@ -45,6 +45,10 @@ function GuestViewImpl(guestView, viewType, guestInstanceId) {
this.setupOnResize();
}
+// Prevent GuestViewImpl inadvertently inheriting code from the global Object,
+// allowing a pathway for executing unintended user code execution.
+GuestViewImpl.prototype.__proto__ = null;
lazyboy 2017/02/24 22:27:57 A better solution is to use utils.expose() which a
+
// Possible states.
GuestViewImpl.GuestState = {
GUEST_STATE_START: 0,
« no previous file with comments | « no previous file | extensions/renderer/resources/guest_view/guest_view_container.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698