| OLD | NEW |
|---|
| 1 <html> | 1 <html> |
| 2 <link rel="import" href="../resources/dump-as-text.sky" /> | 2 <import src="../resources/dump-as-text.sky" /> |
| 3 <link rel="import" href="resources/document-register-fuzz.sky" as="fuzzer" /> | 3 <import src="resources/document-register-fuzz.sky" as="fuzzer" /> |
| 4 <body> | 4 <body> |
| 5 <div id="container"></div> | 5 <div id="container"></div> |
| 6 Fuzzing document.registerElement() through getters. PASS uless crash. | 6 Fuzzing document.registerElement() through getters. PASS uless crash. |
| 7 <script> | 7 <script> |
| 8 var badPrototype = Image.prototype; | 8 var badPrototype = Image.prototype; |
| 9 var badConstructor = Image.prototype.constructor; | 9 var badConstructor = Image.prototype.constructor; |
| 10 | 10 |
| 11 fuzzer.setupObjectHooks({ | 11 fuzzer.setupObjectHooks({ |
| 12 prototypeGet: function() { return badPrototype; }, | 12 prototypeGet: function() { return badPrototype; }, |
| 13 prototypeSet: function(value) { }, | 13 prototypeSet: function(value) { }, |
| 14 constructorGet: function() { return badConstructor; }, | 14 constructorGet: function() { return badConstructor; }, |
| 15 constructorSet: function(value) { } | 15 constructorSet: function(value) { } |
| 16 }); | 16 }); |
| 17 | 17 |
| 18 fuzzer.exerciseDocumentRegister(); | 18 fuzzer.exerciseDocumentRegister(); |
| 19 </script> | 19 </script> |
| 20 </body> | 20 </body> |
| 21 </html> | 21 </html> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 694423002:
Replace <link rel="import"> with <import> (Closed)
Base URL: git@github.com:domokit/mojo.git@master