[iOS] Make JS injection validation code robust to unexpected types

The result object returned by |WKWebView evaluateJavaScript completionHandler:| may have an unexpected type. The check to determine if the windowID has been injected should not crash if the result object has an unexpected type. Fixed: 1050940 Change-Id: I326d474e461286ed02b90191ab2868d15afe957d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2073059 Commit-Queue: Mike Dougherty <michaeldo@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Auto-Submit: Mike Dougherty <michaeldo@chromium.org> Cr-Commit-Position: refs/heads/master@{#744547}
Denger-Network · Feb 26, 2020 · bf850ac · bf850ac
1 parent e6bd38d
commit bf850ac
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/ios/web/js_messaging/crw_js_window_id_manager.mm b/ios/web/js_messaging/crw_js_window_id_manager.mm
@@ -65,8 +65,15 @@ - (void)inject {
                  return;
                }
 
-               DCHECK_EQ(CFBooleanGetTypeID(),
-                         CFGetTypeID((__bridge CFTypeRef)result));
+               // If |result| is an incorrect type, do not check its value.
+               // Also do not attempt to re-inject scripts as it may lead to
+               // endless recursion attempting to inject the scripts correctly.
+               if (result && CFBooleanGetTypeID() !=
+                                 CFGetTypeID((__bridge CFTypeRef)result)) {
+                 NOTREACHED();
+                 return;
+               }
+
                if (![result boolValue]) {
                  // WKUserScript has not been injected yet. Retry window id
                  // injection, because it is critical for the system to