Set prototype for GuestView*.prototype to null.

extensions/renderer/resources/guest_view/guest_view_events.js

Index: extensions/renderer/resources/guest_view/guest_view_events.js
diff --git a/extensions/renderer/resources/guest_view/guest_view_events.js b/extensions/renderer/resources/guest_view/guest_view_events.js
index e3ccde1a6c65c80541c333093677457cbbfcb5ab..f8334bfe36214e0fd4a7185a595ac43316f0b6d5 100644
--- a/extensions/renderer/resources/guest_view/guest_view_events.js
+++ b/extensions/renderer/resources/guest_view/guest_view_events.js
@@ -27,6 +27,10 @@ function GuestViewEvents(view) {
   this.setupEvents();
 }
 
+// Prevent GuestViewEvents inadvertently inheritng code from the global Object,

[lazyboy, 2017/03/13 18:15:14]

OK.
How about adding WebViewActionRequest and guest_view_attributes.js:Attribute as
well? Are there more?

[wjmaclean, 2017/03/13 19:34:48]

Done.

Will update. Yes, we are looking for more, but that search may take a while and
shouldn't block landing this CL.

[lazyboy, 2017/03/13 19:46:06]

Acknowledged.

+// allowing a pathway for unintended execution of user code.
+GuestViewEvents.prototype.__proto__ = null;
+
 // |GuestViewEvents.EVENTS| is a dictionary of extension events to be listened
 //     for, which specifies how each event should be handled. The events are
 //     organized by name, and by default will be dispatched as DOM events with