[Extensions] Don't allow gin::Define to be overridden

Use DefineOwnProperty instead of Set in for gin, including gin::Define. Replace Set in v8_helpers as well, to avoid the same problem. Also update callsites from JS to CHECK expected arguments, rather than DCHECK (since receiving unexpected arguments likely means executing untrusted code). BUG=549986 Review URL: https://codereview.chromium.org/1433293004 Cr-Commit-Position: refs/heads/master@{#359460}
author: rdevlin.cronin <rdevlin.cronin@chromium.org> 2015-11-12 17:14:47 -0800
committer: Commit bot <commit-bot@chromium.org> 2015-11-13 01:16:25 +0000
commit: 415b73b1a400a994a86e6f29709aa0271e895dd5 (patch)
tree: b2064603d7bcf31762c4f6f148dfc64f1953d4e9 /extensions/renderer/v8_helpers.h
parent: 38b1bde891a3a7b98c016ef3c34f5df70183fd8e (diff)
download: chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.zip
chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.tar.gz
chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.tar.bz2
1 files changed, 12 insertions, 10 deletions
diff --git a/extensions/renderer/v8_helpers.h b/extensions/renderer/v8_helpers.h
index 2bfeee8..0c9a47c 100644
--- a/extensions/renderer/v8_helpers.h
+++ b/extensions/renderer/v8_helpers.h
@@ -7,6 +7,7 @@
 
 #include <string.h>
 
+#include "base/strings/string_number_conversions.h"
 #include "v8/include/v8.h"
 
 namespace extensions {
@@ -56,19 +57,13 @@ inline bool IsEmptyOrUndefied(v8::Local<v8::Value> value) {
   return value.IsEmpty() || value->IsUndefined();
 }
 
-// SetProperty() family wraps V8::Object::Set(). Returns true on success.
+// SetProperty() family wraps V8::Object::DefineOwnProperty().
+// Returns true on success.
 inline bool SetProperty(v8::Local<v8::Context> context,
                         v8::Local<v8::Object> object,
-                        v8::Local<v8::Value> key,
+                        v8::Local<v8::String> key,
                         v8::Local<v8::Value> value) {
-  return IsTrue(object->Set(context, key, value));
-}
-
-inline bool SetProperty(v8::Local<v8::Context> context,
-                        v8::Local<v8::Object> object,
-                        uint32_t index,
-                        v8::Local<v8::Value> value) {
-  return IsTrue(object->Set(context, index, value));
+  return IsTrue(object->DefineOwnProperty(context, key, value));
 }
 
 inline bool SetProperty(v8::Local<v8::Context> context,
@@ -81,6 +76,13 @@ inline bool SetProperty(v8::Local<v8::Context> context,
   return SetProperty(context, object, v8_key, value);
 }
 
+inline bool SetProperty(v8::Local<v8::Context> context,
+                        v8::Local<v8::Object> object,
+                        uint32_t index,
+                        v8::Local<v8::Value> value) {
+  return SetProperty(context, object, base::UintToString(index).c_str(), value);
+}
+
 // GetProperty() family calls V8::Object::Get() and extracts a value from
 // returned MaybeLocal. Returns true on success.
 template <typename Key>
author	rdevlin.cronin <rdevlin.cronin@chromium.org>	2015-11-12 17:14:47 -0800
committer	Commit bot <commit-bot@chromium.org>	2015-11-13 01:16:25 +0000
commit	415b73b1a400a994a86e6f29709aa0271e895dd5 (patch)
tree	b2064603d7bcf31762c4f6f148dfc64f1953d4e9 /extensions/renderer/v8_helpers.h
parent	38b1bde891a3a7b98c016ef3c34f5df70183fd8e (diff)
download	chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.zip chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.tar.gz chromium_src-415b73b1a400a994a86e6f29709aa0271e895dd5.tar.bz2