Only access a plugin's scriptable object, and not also its prototype chain
BUG=chromium:619166
R=haraken@chromium.org
Review-Url: https://codereview.chromium.org/2084183004
Cr-Commit-Position: refs/heads/master@{#401579}
diff --git a/third_party/WebKit/Source/bindings/core/v8/custom/V8HTMLPlugInElementCustom.cpp b/third_party/WebKit/Source/bindings/core/v8/custom/V8HTMLPlugInElementCustom.cpp
index b277398..b484a5e 100644
--- a/third_party/WebKit/Source/bindings/core/v8/custom/V8HTMLPlugInElementCustom.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/custom/V8HTMLPlugInElementCustom.cpp
@@ -53,13 +53,11 @@
if (instance.IsEmpty())
return;
- v8::Local<v8::Value> value;
- if (!instance->Get(info.GetIsolate()->GetCurrentContext(), property).ToLocal(&value))
+ if (!v8CallBoolean(instance->HasOwnProperty(info.GetIsolate()->GetCurrentContext(), property)))
return;
- // We quit here to allow the binding code to look up general HTMLObjectElement properties
- // if they are not overriden by plugin.
- if (value->IsUndefined() && !v8CallBoolean(instance->Has(info.GetIsolate()->GetCurrentContext(), property)))
+ v8::Local<v8::Value> value;
+ if (!instance->Get(info.GetIsolate()->GetCurrentContext(), property).ToLocal(&value))
return;
v8SetReturnValue(info, value);
@@ -87,8 +85,7 @@
// DOM element will also be set. For plugin's that don't intercept the call
// (all except gTalk) this makes no difference at all. For gTalk the fact
// that the property on the DOM element also gets set is inconsequential.
- v8::Maybe<bool> unused = instance->Set(info.GetIsolate()->GetCurrentContext(), property, value);
- ALLOW_UNUSED_LOCAL(unused);
+ v8CallBoolean(instance->CreateDataProperty(info.GetIsolate()->GetCurrentContext(), property, value));
}
} // namespace
