diff options
| author | rdevlin.cronin <rdevlin.cronin@chromium.org> | 2015-10-28 14:43:58 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-10-28 21:44:52 +0000 |
| commit | 83a4b3aa72d98fe4176b4a54c8cea227ed966570 (patch) | |
| tree | b945cea0a7bd5e5b25a3ff9a6a8be834adf0b84b /extensions/renderer/module_system.cc | |
| parent | 6d9425ec7badda912555d46ea7abcfab81fdd9b9 (diff) | |
| download | chromium_src-83a4b3aa72d98fe4176b4a54c8cea227ed966570.zip chromium_src-83a4b3aa72d98fe4176b4a54c8cea227ed966570.tar.gz chromium_src-83a4b3aa72d98fe4176b4a54c8cea227ed966570.tar.bz2 | |
[Extensions] Don't allow built-in extensions code to be overridden
BUG=546677
Review URL: https://codereview.chromium.org/1417513003
Cr-Commit-Position: refs/heads/master@{#356654}
Diffstat (limited to 'extensions/renderer/module_system.cc')
| -rw-r--r-- | extensions/renderer/module_system.cc | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/extensions/renderer/module_system.cc b/extensions/renderer/module_system.cc index e760849..5005fca 100644 --- a/extensions/renderer/module_system.cc +++ b/extensions/renderer/module_system.cc @@ -96,6 +96,20 @@ class DefaultExceptionHandler : public ModuleSystem::ExceptionHandler { } }; +// Sets a property on the "exports" object for bindings. Called by JS with +// exports.$set(<key>, <value>). +void SetExportsProperty( + const v8::FunctionCallbackInfo<v8::Value>& args) { + v8::Local<v8::Object> obj = args.This(); + DCHECK_EQ(2, args.Length()); + DCHECK(args[0]->IsString()); + v8::Maybe<bool> result = + obj->DefineOwnProperty(args.GetIsolate()->GetCurrentContext(), + args[0]->ToString(), args[1], v8::ReadOnly); + if (!result.FromMaybe(false)) + LOG(ERROR) << "Failed to set private property on the export."; +} + } // namespace std::string ModuleSystem::ExceptionHandler::CreateExceptionString( @@ -642,7 +656,25 @@ v8::Local<v8::Value> ModuleSystem::LoadModule(const std::string& module_name) { v8::Local<v8::Object> define_object = v8::Object::New(GetIsolate()); gin::ModuleRegistry::InstallGlobals(GetIsolate(), define_object); - v8::Local<v8::Value> exports = v8::Object::New(GetIsolate()); + v8::Local<v8::Object> exports = v8::Object::New(GetIsolate()); + + v8::Local<v8::FunctionTemplate> tmpl = v8::FunctionTemplate::New( + GetIsolate(), + &SetExportsProperty); + v8::Local<v8::String> v8_key; + if (!v8_helpers::ToV8String(GetIsolate(), "$set", &v8_key)) { + NOTREACHED(); + return v8::Undefined(GetIsolate()); + } + + v8::Local<v8::Function> function; + if (!tmpl->GetFunction(v8_context).ToLocal(&function)) { + NOTREACHED(); + return v8::Undefined(GetIsolate()); + } + + exports->ForceSet(v8_key, function, v8::ReadOnly); + v8::Local<v8::Object> natives(NewInstance()); CHECK(!natives.IsEmpty()); // this can fail if v8 has issues |