Fix possible null deref for JavascriptBindingApiAllowOrigins

In IsJavascriptBindingApiAllowed, added a null check for JavascriptBindingApiAllowOrigins
to prevent a potential null dereference if JavascriptBindingApiHasAllowOrigins is true
but the allowOrigins list itself was null.

Author: Luca Sonntag

CefSharp.BrowserSubprocess.Core/CefAppUnmanagedWrapper.cpp

@@ -356,6 +356,12 @@ namespace CefSharp
                 return true;
             }
 
+            auto allowOrigins = browserWrapper->JavascriptBindingApiAllowOrigins;
+            if (!allowOrigins.get())
+            {
+                return false;
+            }
+
             auto frameUrl = frame->GetURL();
 
             CefURLParts frameUrlParts;
@@ -372,11 +378,11 @@ namespace CefSharp
 
                 auto frameUrlOrigin = CefString(originStr, originLen);
 
-                auto size = static_cast<int>(browserWrapper->JavascriptBindingApiAllowOrigins->GetSize());
+                auto size = static_cast<int>(allowOrigins->GetSize());
 
                 for (int i = 0; i < size; i++)
                 {
-                    auto origin = browserWrapper->JavascriptBindingApiAllowOrigins->GetString(i);
+                    auto origin = allowOrigins->GetString(i);
                     auto frameOriginPtr = reinterpret_cast<const wchar_t*>(frameUrlOrigin.c_str());
                     auto allowedOriginPtr = reinterpret_cast<const wchar_t*>(origin.c_str());