Chromium Code Reviews

Issue 2730383002: Don't allow GuestView JS objects to inherit global prototype. (Closed)

Created:
3 years, 9 months ago by wjmaclean
Modified:
3 years, 9 months ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/pending/branch-heads/2987
Project:
chromium
Visibility:
Public.

Description

Don't allow GuestView JS objects to inherit global prototype.

Allowing objects like GuestViewImpl and GuestViewContainer to inherit prototypes from the global JS object can allow arbitrary user code to be attached to these objects, and potentially executed. This CL prevents this by forcing the inherited __proto__ objects to be null.

BUG=695476

Review-Url: https://codereview.chromium.org/2712913005
Cr-Commit-Position: refs/heads/master@{#452976}
(cherry picked from commit 5934185d281ff83961832317620da5468e7cf703)

Review-Url: https://codereview.chromium.org/2730383002 .
Cr-Commit-Position: refs/branch-heads/2987@{#769}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

Committed: https://chromium.googlesource.com/chromium/src/+/c7ea20cf7c8188d36a92be706a234afef673235f

Patch Set 1

Stats (+8 lines, -0 lines)
M extensions/renderer/resources/guest_view/guest_view.js 1 chunk +4 lines, -0 lines 0 comments
M extensions/renderer/resources/guest_view/guest_view_container.js 1 chunk +4 lines, -0 lines 0 comments

Messages

Total messages: 2 (1 generated)
wjmaclean
3 years, 9 months ago (2017-03-06 15:43:39 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as
c7ea20cf7c8188d36a92be706a234afef673235f.
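
An added illustration of the mitigation named in the description, not code from this CL: it compares a class whose prototype inherits from `Object.prototype` with one whose prototype chain ends in null. `InternalView`, `viewId`, `formatter` and `observe` are hypothetical names, and the properties placed on `Object.prototype` are constructed for the demonstration.

```javascript
// Hypothetical stand-in for an internal class such as GuestViewImpl; not Chromium source.
function defineInternalClass(hardened) {
  function InternalView(id) {
    this.viewId = id; // plain assignment: consults the prototype chain for setters
  }
  InternalView.prototype.describe = function () {
    // Optional hook that the internal code expects to be unset by default.
    return typeof this.formatter === 'function' ? this.formatter() : 'view';
  };
  if (hardened) {
    // The mitigation described above: the class prototype inherits from nothing.
    Object.setPrototypeOf(InternalView.prototype, null);
  }
  return InternalView;
}

// Constructed scenario: script sharing the JS context has added properties to
// Object.prototype before the internal object is created and used.
function observe(hardened) {
  const seen = [];
  Object.defineProperty(Object.prototype, 'viewId', {
    configurable: true,
    set(value) { seen.push('setter:' + value); },
  });
  Object.defineProperty(Object.prototype, 'formatter', {
    configurable: true,
    value() { seen.push('formatter'); return 'page-controlled'; },
  });
  try {
    const View = defineInternalClass(hardened);
    const view = new View(7);
    const described = view.describe();
    return {
      ownViewId: Object.prototype.hasOwnProperty.call(view, 'viewId'),
      described,
      seen,
    };
  } finally {
    // Restore the global prototype so the demonstration leaves no residue.
    delete Object.prototype.viewId;
    delete Object.prototype.formatter;
  }
}

console.log(observe(false));
console.log(observe(true));
```

With the inherited chain intact, both the constructor's assignment and the hook lookup reach the script-defined properties; with the null prototype, the assignment creates an own data property and the lookup returns undefined.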
