| Index: extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js
|
| diff --git a/extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js b/extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js
|
| index 5f4bf2c06078af6b2a4afc93cef0eb790cb73e40..6ca63a775c076f8acb3e2d8aa86c35625005b914 100644
|
| --- a/extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js
|
| +++ b/extensions/renderer/resources/guest_view/web_view/web_view_action_requests.js
|
| @@ -37,6 +37,12 @@ function WebViewActionRequest(webViewImpl, event, webViewEvent, interfaceName) {
|
| }
|
| }
|
|
|
| +// Prevent GuestViewEvents inadvertently inheritng code from the global Object,
|
| +// allowing a pathway for unintended execution of user code.
|
| +// TODO(wjmaclean): Use utils.expose() here instead, track down other issues
|
| +// of Object inheritance. https://crbug.com/701034
|
| +WebViewActionRequest.prototype.__proto__ = null;
|
| +
|
| // Performs the default action for the request.
|
| WebViewActionRequest.prototype.defaultAction = function() {
|
| // Do nothing if the action has already been taken or the requester is
|
|
|
Chromium Code Reviews
Issue 2745173002:
Set prototype for GuestView*.prototype to null. (Closed)
