| Index: extensions/renderer/resources/guest_view/guest_view_events.js
|
| diff --git a/extensions/renderer/resources/guest_view/guest_view_events.js b/extensions/renderer/resources/guest_view/guest_view_events.js
|
| index e3ccde1a6c65c80541c333093677457cbbfcb5ab..9f6bdfa01718310ee11d6d1055fb06f27e77ece6 100644
|
| --- a/extensions/renderer/resources/guest_view/guest_view_events.js
|
| +++ b/extensions/renderer/resources/guest_view/guest_view_events.js
|
| @@ -27,6 +27,12 @@ function GuestViewEvents(view) {
|
| this.setupEvents();
|
| }
|
|
|
| +// Prevent GuestViewEvents inadvertently inheritng code from the global Object,
|
| +// allowing a pathway for unintended execution of user code.
|
| +// TODO(wjmaclean): Use utils.expose() here instead, track down other issues
|
| +// of Object inheritance. https://crbug.com/701034
|
| +GuestViewEvents.prototype.__proto__ = null;
|
| +
|
| // |GuestViewEvents.EVENTS| is a dictionary of extension events to be listened
|
| // for, which specifies how each event should be handled. The events are
|
| // organized by name, and by default will be dispatched as DOM events with
|
|
|
Chromium Code Reviews
Issue 2745173002:
Set prototype for GuestView*.prototype to null. (Closed)
