(Reviving this very old CL...)
I'm now investigating security exploits on detached iframes.
https://chromiumcodereview.appspot.com/101733002/diff/100001/src/api.cc
File src/api.cc (right):
https://chromiumcodereview.appspot.com/101733002/diff/100001/src/api.cc#newcode5417
src/api.cc:5417: global = i::Handle<i::Object>(context->global_object(), isolate);
It looks like this is doing something dangerous. When Blink calls
Context::Global for a detached iframe, it returns a global object
(which may already be used by another iframe), not the global proxy
object.
Is the TODO still valid?
https://chromiumcodereview.appspot.com/101733002/
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev