author: fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-07-18 02:31:22 +0000
committer: fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-07-18 02:31:22 +0000
commit: e06008d85607737034793241216d5180df305580
tree: 9f129ed01a289a23a04afd800f6c9314627bb1dd /sync/android
parent: 71dfbc3fde764c1df683ae7fb67e589d84f7b192
<webview>: BrowserPluginHostMsg_RespondPermission IPC cleanup
Carrying around the permission type from the embedder to the browser process seems redundant. In fact, it also allows for a compromised app to crash the browser process: It can make a geolocation request, but pretend the response is something other than a GeolocationRequest. The request object in BrowserPluginGuest removes the request from the map, and the iterator becomes invalid. When we try to delete the request and remove the iterator, the browser process will crash.

BUG=166165
Test=WebViewTest.*
TBR=cdn@chromium.org for trivial browser_plugin_messages.h change.

Review URL: https://chromiumcodereview.appspot.com/19448002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@212214 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sync/android')
0 files changed, 0 insertions, 0 deletions
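
An added illustration of the pattern the commit message describes (not Chromium's code and not part of this commit): the response handler takes the request type from the browser's own table instead of from the message, and detaches the entry from the map before type-specific code runs. `GuestModel`, `PendingRequest` and every other name here are hypothetical, and detaching the entry first is an assumption of this sketch, not a step the commit message states.

```cpp
#include <cstddef>
#include <map>

// Hypothetical model of a browser-side permission table; not Chromium code.
enum class PermissionType { kGeolocation, kMedia, kDownload };

struct PendingRequest {
  PermissionType type;  // recorded by the browser when the request is created
};

class GuestModel {
 public:
  int AddRequest(PermissionType type) {
    int id = next_id_++;
    pending_[id] = PendingRequest{type};
    return id;
  }

  // Response handler. The message carries only an id and a decision, so the
  // sender cannot claim a type that differs from the one stored here.
  // Returns false for an unknown or already answered id.
  bool OnRespondPermission(int request_id, bool allow,
                           PermissionType* handled_as) {
    auto it = pending_.find(request_id);
    if (it == pending_.end()) return false;
    // Copy the entry out and erase it first: no iterator into pending_ is
    // held while type-specific code runs and possibly edits the map.
    PendingRequest request = it->second;
    pending_.erase(it);
    *handled_as = request.type;
    if (request.type == PermissionType::kGeolocation) {
      // Models a request object that removes its own map entry; erasing by
      // key is a harmless no-op now that the entry is already gone.
      pending_.erase(request_id);
      if (allow) ++geolocation_grants_;
    }
    return true;
  }

  std::size_t pending_count() const { return pending_.size(); }
  int geolocation_grants() const { return geolocation_grants_; }

 private:
  std::map<int, PendingRequest> pending_;
  int next_id_ = 1;
  int geolocation_grants_ = 0;
};
```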