authorjochen <jochen@chromium.org>2015-10-29 09:21:24 -0700
committerCommit bot <commit-bot@chromium.org>2015-10-29 16:22:06 +0000
commit520e622d4d7a0e8e94b1e528f426070c604171c8 (patch)
treee887acfbcd62d4bb4ad24f419334cfd7762d84a5 /extensions/renderer
parent5d98eb9ffa726aee7605b096fe90035191a1463a (diff)
Don't use calling context in chrome
Usually, the calling context is equal to the current context. In that case using the current context is easier, and it is always defined what it is. If they are different and have different privileges, the check on the calling context does not prevent anything, because an attacker can freely choose it. However, it is also not safer to use the current context in that situation: contexts with different privileges must not have access to each other. BUG=541703 Review URL: https://codereview.chromium.org/1401913003 Cr-Commit-Position: refs/heads/master@{#356864}
Diffstat (limited to 'extensions/renderer')
-rw-r--r--extensions/renderer/console.cc2
-rw-r--r--extensions/renderer/module_system.cc2
-rw-r--r--extensions/renderer/object_backed_native_handler.cc2
-rw-r--r--extensions/renderer/safe_builtins.cc2
-rw-r--r--extensions/renderer/script_context_set.cc6
-rw-r--r--extensions/renderer/script_context_set.h4
6 files changed, 4 insertions, 14 deletions
diff --git a/extensions/renderer/console.cc b/extensions/renderer/console.cc
index b763e8e..c2a93c2 100644
--- a/extensions/renderer/console.cc
+++ b/extensions/renderer/console.cc
@@ -43,7 +43,7 @@ void BoundLogMethodCallback(const v8::FunctionCallbackInfo<v8::Value>& info) {
message += *v8::String::Utf8Value(info[i]);
}
- v8::Local<v8::Context> context = info.GetIsolate()->GetCallingContext();
+ v8::Local<v8::Context> context = info.GetIsolate()->GetCurrentContext();
if (context.IsEmpty()) {
LOG(WARNING) << "Could not log \"" << message << "\": no context given";
return;
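Review bot: The `context.IsEmpty()` guard that follows the new `GetCurrentContext()` call is now, as far as I can tell, unreachable in practice: inside a V8 function callback a context is always entered, so the "no context given" warning branch would only fire if that assumption were violated. Keeping it as a defensive check is fine, but it deserves a comment so the next reader does not look for a caller that can hit it; I would add `// The current context should always be entered during a callback; this is a defensive check only.` above the `if`. BoundLogMethodCallback begins and ends outside this hunk, so I cannot see whether `context` is used further down.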
diff --git a/extensions/renderer/module_system.cc b/extensions/renderer/module_system.cc
index 5005fca..b828ca0 100644
--- a/extensions/renderer/module_system.cc
+++ b/extensions/renderer/module_system.cc
@@ -67,7 +67,7 @@ void Fatal(ScriptContext* context, const std::string& message) {
void Warn(v8::Isolate* isolate, const std::string& message) {
ScriptContext* script_context =
- ScriptContextSet::GetContextByV8Context(isolate->GetCallingContext());
+ ScriptContextSet::GetContextByV8Context(isolate->GetCurrentContext());
console::Warn(script_context ? script_context->GetRenderFrame() : nullptr,
message);
}
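Review bot: `Warn` passes the result of `isolate->GetCurrentContext()` straight into `ScriptContextSet::GetContextByV8Context`, whereas the `GetCalling` helper this commit deletes in script_context_set.cc guarded the lookup with `calling.IsEmpty() ? nullptr : ...` first; the same unguarded pattern appears in the object_backed_native_handler.cc hunk. Whether `GetByV8Context` tolerates an empty handle is not visible here (its loop body is cut off), so if it does not, a caller reached with no entered context would now dereference an empty `Local`. A cheap way to keep the old guard is `v8::Local<v8::Context> context = isolate->GetCurrentContext();` followed by `ScriptContext* script_context = context.IsEmpty() ? nullptr : ScriptContextSet::GetContextByV8Context(context);`, which also preserves the existing null-frame fallback in the `console::Warn` call.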
diff --git a/extensions/renderer/object_backed_native_handler.cc b/extensions/renderer/object_backed_native_handler.cc
index 060606b..879da23 100644
--- a/extensions/renderer/object_backed_native_handler.cc
+++ b/extensions/renderer/object_backed_native_handler.cc
@@ -46,7 +46,7 @@ void ObjectBackedNativeHandler::Router(
if (handler_function_value.IsEmpty() ||
handler_function_value->IsUndefined()) {
ScriptContext* script_context = ScriptContextSet::GetContextByV8Context(
- args.GetIsolate()->GetCallingContext());
+ args.GetIsolate()->GetCurrentContext());
console::Error(script_context ? script_context->GetRenderFrame() : nullptr,
"Extension view no longer exists");
return;
diff --git a/extensions/renderer/safe_builtins.cc b/extensions/renderer/safe_builtins.cc
index 96fb155..bf44e96 100644
--- a/extensions/renderer/safe_builtins.cc
+++ b/extensions/renderer/safe_builtins.cc
@@ -205,7 +205,7 @@ class ExtensionImpl : public v8::Extension {
CHECK(info.Length() == 2 && info[0]->IsString() && info[1]->IsObject());
SaveImpl(*v8::String::Utf8Value(info[0]),
info[1],
- info.GetIsolate()->GetCallingContext());
+ info.GetIsolate()->GetCurrentContext());
}
};
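Review bot: The switch to `GetCurrentContext()` in the `SaveImpl` call changes which context the saved builtins are attached to, and the reasoning for that choice lives only in the commit message; the code itself gives a reader no hint why the calling context was rejected. I would add, above the `SaveImpl` call, `// Attach to the context that entered this callback. A distinct calling context could be chosen freely by the caller, so it offers no additional protection.` The enclosing callback's signature and the `SaveImpl` definition are outside this hunk, so I cannot confirm how the context is consumed there.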
diff --git a/extensions/renderer/script_context_set.cc b/extensions/renderer/script_context_set.cc
index f3a1111..84cf02d 100644
--- a/extensions/renderer/script_context_set.cc
+++ b/extensions/renderer/script_context_set.cc
@@ -71,12 +71,6 @@ ScriptContext* ScriptContextSet::GetCurrent() const {
: nullptr;
}
-ScriptContext* ScriptContextSet::GetCalling() const {
- v8::Isolate* isolate = v8::Isolate::GetCurrent();
- v8::Local<v8::Context> calling = isolate->GetCallingContext();
- return calling.IsEmpty() ? nullptr : GetByV8Context(calling);
-}
-
ScriptContext* ScriptContextSet::GetByV8Context(
const v8::Local<v8::Context>& v8_context) const {
for (ScriptContext* script_context : contexts_) {
diff --git a/extensions/renderer/script_context_set.h b/extensions/renderer/script_context_set.h
index 8ca3dbf..68cbd3b 100644
--- a/extensions/renderer/script_context_set.h
+++ b/extensions/renderer/script_context_set.h
@@ -69,10 +69,6 @@ class ScriptContextSet {
// NULL if no such context exists.
ScriptContext* GetCurrent() const;
- // Gets the ScriptContext corresponding to v8::Context::GetCalling(), or
- // NULL if no such context exists.
- ScriptContext* GetCalling() const;
-
// Gets the ScriptContext corresponding to the specified
// v8::Context or NULL if no such context exists.
ScriptContext* GetByV8Context(const v8::Local<v8::Context>& context) const;