diff options
author | Philip Jägenstedt <foolip@chromium.org> | 2016-10-24 22:47:43 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-03-16 14:47:41 +0000 |
commit | d194a3211caf26866985202eac9d5210f16a941f (patch) | |
tree | 64ea1513939854b9ede03935e3adf29ec5e29490 /chromium/third_party/WebKit/Source/web | |
parent | 37f6cbe03a42882caa1354d49f03aa015ded8b94 (diff) |
[Backport] Don't run handleEvent getter in V8EventListener::getListenerFunction if script is forbidden.
It results in arbitrary code execution under ScriptForbiddenScopes. :(
BUG=655904
Review-Url: https://codereview.chromium.org/2423623002
Cr-Commit-Position: refs/heads/master@{#425763}
(cherry picked from commit 610b88604db99184334982ab982d758296718879)
Review URL: https://codereview.chromium.org/2449623002 .
Cr-Commit-Position: refs/branch-heads/2883@{#259}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}
(CVE-2016-5207)
Change-Id: Id1491bae397bfbdc578894cac53ea7de0e5e62dc
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/third_party/WebKit/Source/web')
0 files changed, 0 insertions, 0 deletions