summaryrefslogtreecommitdiffstats
path: root/o3d
diff options
context:
space:
mode:
authorasargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-16 22:45:46 +0000
committerasargent@chromium.org <asargent@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-16 22:45:46 +0000
commit5be476f95d26c775356b1a991a9238b884aafc57 (patch)
treeb4ddf187ff3ce9ef79c3be72979a77fc13a96593 /o3d
parent036fb21029f58eac6a473847b30d068579286e39 (diff)
downloadchromium_src-5be476f95d26c775356b1a991a9238b884aafc57.zip
chromium_src-5be476f95d26c775356b1a991a9238b884aafc57.tar.gz
chromium_src-5be476f95d26c775356b1a991a9238b884aafc57.tar.bz2
Merge 34263 - Prevent 2 types of extension crashes.
If javascript code puts custom toJSON functions on Array.prototype, our extension API code detects malformed requests and kills the offending renderer. Also, the browser can crash if a browser action popup process dies (for various reasons, including this json serialization problem). BUG=29283 TEST=Create an extension with a browser action popup that loads prototype.js, and then calls chrome.tabs.update(). Before this change, the popup bubble will crash, and when you click away, crash the browser too. Review URL: http://codereview.chromium.org/466065 TBR=asargent@chromium.org Review URL: http://codereview.chromium.org/506044 git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@34769 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'o3d')
0 files changed, 0 insertions, 0 deletions