Unified Diff: Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp

Issue 445333005: DevTools: Fix tainted Function.prototype methods may disable console. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 4 months ago
Index: Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp
diff --git a/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp b/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp
index 6339b35ee0eaf707f2d36f36ae4271dc1a6f5fdd..2a39ed306b61fe4ca2b8ce7458bed12c2b3b6e54 100644
--- a/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp
+++ b/Source/bindings/core/v8/custom/V8InjectedScriptHostCustom.cpp
@@ -473,25 +473,45 @@ void V8InjectedScriptHost::unmonitorFunctionMethodCustom(const v8::FunctionCallb
host->unmonitorFunction(scriptId, lineNumber, columnNumber);
}
-void V8InjectedScriptHost::suppressWarningsAndCallMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info)
+void V8InjectedScriptHost::callFunctionMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info)
{
- if (info.Length() < 2 || !info[0]->IsObject() || !info[1]->IsFunction())
+ if (info.Length() < 2 || info.Length() > 3 || !info[0]->IsFunction()) {
+ ASSERT_NOT_REACHED();
return;
+ }
+ if (info.Length() == 3 && !info[2]->IsArray()) {
+ ASSERT_NOT_REACHED();
yurys 2014/08/07 16:54:03 In theory InjectedScriptHost can leak into the page.
+ return;
+ }
- InjectedScriptHost* host = V8InjectedScriptHost::toNative(info.Holder());
- ScriptDebugServer& debugServer = host->scriptDebugServer();
- debugServer.muteWarningsAndDeprecations();
+ v8::Handle<v8::Function> function = v8::Handle<v8::Function>::Cast(info[0]);
+ v8::Handle<v8::Value> receiver = info[1];
- v8::Handle<v8::Object> receiver = v8::Handle<v8::Object>::Cast(info[0]);
- v8::Handle<v8::Function> function = v8::Handle<v8::Function>::Cast(info[1]);
- size_t argc = info.Length() - 2;
+ if (info.Length() < 3) {
+ v8::Local<v8::Value> result = function->Call(receiver, 0, 0);
+ v8SetReturnValue(info, result);
+ return;
+ }
+
+ v8::Handle<v8::Array> arguments = v8::Handle<v8::Array>::Cast(info[2]);
+ size_t argc = arguments->Length();
OwnPtr<v8::Handle<v8::Value>[]> argv = adoptArrayPtr(new v8::Handle<v8::Value>[argc]);
for (size_t i = 0; i < argc; ++i)
- argv[i] = info[i + 2];
+ argv[i] = arguments->Get(i);
v8::Local<v8::Value> result = function->Call(receiver, argc, argv.get());
- debugServer.unmuteWarningsAndDeprecations();
v8SetReturnValue(info, result);
}
+void V8InjectedScriptHost::suppressWarningsAndCallFunctionMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& info)
+{
+ InjectedScriptHost* host = V8InjectedScriptHost::toNative(info.Holder());
+ ScriptDebugServer& debugServer = host->scriptDebugServer();
+ debugServer.muteWarningsAndDeprecations();
+
+ callFunctionMethodCustom(info);
+
+ debugServer.unmuteWarningsAndDeprecations();
+}
+
} // namespace blink
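Review bot: `size_t argc = arguments->Length();` in the new callFunctionMethodCustom takes the argument count straight from the caller-supplied array, `new v8::Handle<v8::Value>[argc]` then allocates with no upper bound, and `function->Call(receiver, argc, argv.get())` narrows that size_t into V8's `int argc` parameter. The removed `info.Length() - 2` was implicitly bounded by V8's call-argument limit, whereas an array created with `new Array(0xffffffff)` now yields a multi-gigabyte allocation and a negative argc; if InjectedScriptHost can be reached by page script, as the inline comment above suggests, that is a page-triggerable crash, and the ASSERT_NOT_REACHED() guards are presumably compiled out in release builds so only the early returns protect it. I would reject oversize arrays before allocating, e.g. `if (argc > kMaxCallFunctionArguments) { ASSERT_NOT_REACHED(); return; }` with a small fixed cap. Separately, `arguments->Get(i)` can invoke page-defined indexed getters (or hit holes resolved through a tainted Array.prototype) and can throw, which leaves an empty handle in argv; I would add `if (argv[i].IsEmpty()) return;` inside the loop rather than pass an empty handle to Call.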