Side by Side Diff: extensions/renderer/resources/guest_view/guest_view.js

Issue 2730383002: Don't allow GuestView JS objects to inherit global prototype. (Closed)
Patch Set: Created 3 years, 9 months ago
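--- a/extensions/renderer/resources/guest_view/guest_view.js
+++ b/extensions/renderer/resources/guest_view/guest_view.js
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This module implements a wrapper for a guestview that manages its
 // creation, attaching, and destruction.
 
 var CreateEvent = require('guestViewEvents').CreateEvent;
 var EventBindings = require('event_bindings');
 var GuestViewInternal =
@@ -38,20 +38,24 @@
 this.actionQueue = [];
 this.contentWindow = null;
 this.guestView = guestView;
 this.pendingAction = null;
 this.viewType = viewType;
 this.internalInstanceId = 0;
 
 this.setupOnResize();
 }
 
+// Prevent GuestViewImpl inadvertently inheriting code from the global Object,
+// allowing a pathway for executing unintended user code execution.
+GuestViewImpl.prototype.__proto__ = null;
+
 // Possible states.
 GuestViewImpl.GuestState = {
 GUEST_STATE_START: 0,
 GUEST_STATE_CREATED: 1,
 GUEST_STATE_ATTACHED: 2
 };
 
 // Sets up the onResize property on the GuestView.
 GuestViewImpl.prototype.setupOnResize = function() {
 $Object.defineProperty(this.guestView, PROPERTY_ON_RESIZE, {
@@ -346,10 +350,10 @@
 // Returns the ID for this guestview.
 GuestView.prototype.getId = function() {
 var internal = privates(this).internal;
 return internal.id;
 };
 
 // Exports
 exports.$set('GuestView', GuestView);
 exports.$set('GuestViewImpl', GuestViewImpl);
 exports.$set('ResizeEvent', ResizeEvent);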
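Review bot: The added `GuestViewImpl.prototype.__proto__ = null;` (new line 50) severs the prototype chain by assigning through the `__proto__` accessor, and that accessor is itself a property of the global Object.prototype that the comment above it says should not be trusted. If page script can run before this module is evaluated, a redefined setter could turn the assignment into a no-op or run during it, so the hardening may silently not apply; this is inferred, since the load order is not visible here. The file already routes `defineProperty` through the saved `$Object` builtin (new line 61), so the same style would fit if that wrapper exposes it: `$Object.setPrototypeOf(GuestViewImpl.prototype, null);`. The change also covers only `GuestViewImpl.prototype`; the `GuestViewImpl.GuestState` literal just below still inherits from Object.prototype, which is worth either nulling too or noting in the comment as out of scope.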