Set prototype for GuestView*.prototype to null.

extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This module implements helper objects for the dialog, newwindow, and
 // permissionrequest <webview> events.
 
 var MessagingNatives = requireNative('messaging_natives');
 var WebViewConstants = require('webViewConstants').WebViewConstants;
 var WebViewInternal = require('webViewInternal').WebViewInternal;
@@ skipping 19 matching lines @@
   this.requestId = event.requestId;
   this.actionTaken = false;
 
   // Add on the request information specific to the request type.
   for (var infoName in this.event.requestInfo) {
     this.event[infoName] = this.event.requestInfo[infoName];
     this.webViewEvent[infoName] = this.event.requestInfo[infoName];
   }
 }
 
+// Prevent GuestViewEvents inadvertently inheritng code from the global Object,
+// allowing a pathway for unintended execution of user code.
+// TODO(wjmaclean): Use utils.expose() here instead, track down other issues
+// of Object inheritance. https://crbug.com/701034
+WebViewActionRequest.prototype.__proto__ = null;
+
 // Performs the default action for the request.
 WebViewActionRequest.prototype.defaultAction = function() {
   // Do nothing if the action has already been taken or the requester is
   // already gone (in which case its guestInstanceId will be stale).
   if (this.actionTaken ||
       this.guestInstanceId != this.webViewImpl.guest.getId()) {
     return;
   }
 
   this.actionTaken = true;
@@ skipping 237 matching lines @@
 var WebViewActionRequests = {
   WebViewActionRequest: WebViewActionRequest,
   Dialog: Dialog,
   NewWindow: NewWindow,
   PermissionRequest: PermissionRequest,
   FullscreenPermissionRequest: FullscreenPermissionRequest
 };
 
 // Exports.
 exports.$set('WebViewActionRequests', WebViewActionRequests);