qt/qtwebengine-chromium.git - Vendor branch of Chromium. This is a submodule of qtwebengine

diff options

author	Philip Jägenstedt <foolip@chromium.org>	2016-10-24 22:47:43 +0200
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2017-03-16 14:47:41 +0000
commit	d194a3211caf26866985202eac9d5210f16a941f (patch)
tree	64ea1513939854b9ede03935e3adf29ec5e29490 /chromium/third_party/WebKit/Source/web
parent	37f6cbe03a42882caa1354d49f03aa015ded8b94 (diff)

[Backport] Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden.

It results in arbitrary code execution under ScriptForbiddenScopes. :( BUG=655904 Review-Url: https://codereview.chromium.org/2423623002 Cr-Commit-Position: refs/heads/master@{#425763} (cherry picked from commit 610b88604db99184334982ab982d758296718879) Review URL: https://codereview.chromium.org/2449623002 . Cr-Commit-Position: refs/branch-heads/2883@{#259} Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768} (CVE-2016-5207) Change-Id: Id1491bae397bfbdc578894cac53ea7de0e5e62dc Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>

Diffstat (limited to 'chromium/third_party/WebKit/Source/web')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: