Description
Fix for GuestView exposure through shift().
This patch converts all uses of shift() in the GuestView JavaScript
objects to use $Array.shift() instead. This will prevent GuestView
JavaScript objects from being exposed via overriding shift().
This patch also utilizes a weak pointer in
GuestViewContainer::OnHandleCallback() to ensure that |this| has not been
deleted in the callback, thus preventing further use-after-free bugs of
this type.
BUG=718292
Review-Url: https://codereview.chromium.org/2892253002
Cr-Commit-Position: refs/heads/master@{#474765}
Committed: https://chromium.googlesource.com/chromium/src/+/c3e0f34012c116cbfefa64683ac33f5ebe621618
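The kind of exposure the description refers to, shown as an added example that is not part of the commit or of Chromium's code: privileged script that calls `shift()` on an internal array runs whatever the page has installed on `Array.prototype.shift`, while a call through a reference saved beforehand does not. The names `makeQueue`, `safeShift` and `observedByPage` are hypothetical, and `safeShift` is only an assumed model of what `$Array.shift()` provides.

```javascript
'use strict';
// Added illustration; every name here is hypothetical, not Chromium's.

// References captured before any page script can run (assumed model of a
// "safe builtin" such as $Array.shift).
const savedShift = Array.prototype.shift;
const savedApply = Reflect.apply;
const safeShift = (arr) => savedApply(savedShift, arr, []);

// Privileged binding code that keeps internal objects in a pending queue.
function makeQueue(useSafe) {
  const pending = [];
  return {
    enqueue(obj) { pending[pending.length] = obj; },
    // Unhardened form: property lookup goes through the mutable prototype.
    // Hardened form: calls the saved builtin, ignoring later overrides.
    dequeue() { return useSafe ? safeShift(pending) : pending.shift(); },
  };
}

// Models a page that has replaced Array.prototype.shift with a hook that
// records its receiver, then reports what the hook was able to observe.
function observedByPage(useSafe) {
  const seen = [];
  const original = Array.prototype.shift;
  Array.prototype.shift = function () {
    seen[seen.length] = this;              // hook receives the internal array
    return savedApply(original, this, []);
  };
  try {
    const q = makeQueue(useSafe);
    q.enqueue({ internalRequest: 1 });     // constructed sample object
    const out = q.dequeue();
    return { leaked: seen.length, value: out.internalRequest };
  } finally {
    Array.prototype.shift = original;      // restore the builtin
  }
}

console.log('pending.shift():', observedByPage(false)); // internal array reaches the hook
console.log('safeShift():    ', observedByPage(true));  // hook never runs
```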
Patch Set 1
Total comments: 1
Patch Set 2: Removed WeakPtr from this patch.
Messages
Total messages: 18 (11 generated)