mojo/public/js/bindings/router.js - Issue 406993002: Validate incoming JS Message Headers

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: mojo/public/js/bindings/router.js

Issue 406993002: Validate incoming JS Message Headers Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: mojo/public/js/bindings/router.js

diff --git a/mojo/public/js/bindings/router.js b/mojo/public/js/bindings/router.js

index 2718e8b0b7805bec9a81350cadd95a6b8fb13d3f..4d7b829559336fa6113a325980ae6ff322787a56 100644

--- a/mojo/public/js/bindings/router.js

+++ b/mojo/public/js/bindings/router.js

@@ -3,9 +3,11 @@

// found in the LICENSE file.

define("mojo/public/js/bindings/router", [

+ "console",

abarth-chromium 2014/07/22 03:51:00 Production code shouldn't use |console|

hansmuller 2014/07/22 15:49:06 OK, I'll remove that.

"mojo/public/js/bindings/codec",

"mojo/public/js/bindings/connector",

-], function(codec, connector) {

+ "mojo/public/js/bindings/validator",

+], function(console, codec, connector, validator) {

function Router(handle) {

this.connector_ = new connector.Connector(handle);

@@ -60,7 +62,11 @@ define("mojo/public/js/bindings/router", [

};

Router.prototype.handleIncomingMessage_ = function(message) {

- var flags = message.getFlags();

+ var err = validator.validateMessageHeader(message);

+ if (err != validator.ValidationError.NONE)

+ this.close();

+ var flags = message.getHeaderFlags();

if (flags & codec.kMessageExpectsResponse) {

if (this.incomingReceiver_) {

this.incomingReceiver_.acceptWithResponder(message, this);