diff options
| author | asargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-10 19:09:48 +0000 |
|---|---|---|
| committer | asargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-10 19:09:48 +0000 |
| commit | 62dcf31cba5757e978708e3dc8b4deb323a08cc5 (patch) | |
| tree | 862b7398fec60ced309a894653b4c9f208be021a /chrome/browser | |
| parent | 353f616bcb4cb5eb4b864ae174b2a5a9edcc1af0 (diff) | |
| download | chromium_src-62dcf31cba5757e978708e3dc8b4deb323a08cc5.zip chromium_src-62dcf31cba5757e978708e3dc8b4deb323a08cc5.tar.gz chromium_src-62dcf31cba5757e978708e3dc8b4deb323a08cc5.tar.bz2 | |
Prevent 2 types of extension crashes.
If javascript code puts custom toJSON functions on Array.prototype, our
extension API code detects malformed requests and kills the offending renderer.
Also, the browser can crash if a browser action popup process dies (for various
reasons, including this json serialization problem).
BUG=29283
TEST=Create an extension with a browser action popup that loads prototype.js, and then calls chrome.tabs.update().
Before this change, the popup bubble will crash, and when you click away, crash the browser too.
Review URL: http://codereview.chromium.org/466065
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34263 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
| -rw-r--r-- | chrome/browser/views/browser_actions_container.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chrome/browser/views/browser_actions_container.cc b/chrome/browser/views/browser_actions_container.cc index 6cc71e4..b52db8c 100644 --- a/chrome/browser/views/browser_actions_container.cc +++ b/chrome/browser/views/browser_actions_container.cc @@ -302,6 +302,10 @@ void BrowserActionsContainer::RemoveBrowserAction(Extension* extension) { if (!extension->browser_action()) return; + if (popup_ && popup_->host()->extension() == extension) { + HidePopup(); + } + for (std::vector<BrowserActionView*>::iterator iter = browser_action_views_.begin(); iter != browser_action_views_.end(); ++iter) { |