Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow (Closed)

Created:
April 27, 2017, 9:04 p.m. by Manish Jethani

Modified:
May 10, 2017, 9:19 a.m.

Reviewers:
Sebastian Noack, kzar

CC:
Wladimir Palant

Base URL:
https://hg.adblockplus.org/adblockpluschrome/

Visibility:
Public.

Description

Issue 4586 - Prevent access to shadowRoot via contentWindow This improves on Dave's previous fix for this issue. Currently we're wrapping Element.prototype.shadowRoot. With this fix we also wrap HTMLIFrameElement.prototype.contentWindow to prevent access to the original shadowRoot via that route. We also have to hold on to references to certain APIs like Object.defineProperty and HTMLIFrameElement.prototype.sandbox, just in case those are overridden by the site to bypass us. I have tested this on Chrome 49 as well as the latest Chrome and it works fine.