[webkit-dev] Isolated world tests

[Adam Barth]

On Wed, Jul 1, 2009 at 5:06 PM, Oliver Hunt<oliver at apple.com> wrote:
> Extensions are not a feature of webkit, they are a feature of the browser,
> so it seems strange that tests for them would exist in the webkit
> repository.

I should explain the feature in more detail.  The way things currently
work is that DOM objects are in one-to-one coorespondence with
JavaScript object wrappers.  With this new feature, there is a
one-to-many coorespondence: each DOM object has a separate wrapper for
each "world."  That way, when the page looks at a DOM object, it sees
one view, but when the extension's script looks at the same DOM
object, it see a different view.  This protects the extension's script
from the page by preventing the page from doing sneaky things like
redefining appendChild.

The implementation of this feature exists in the WebCore bindings
layer because the bindings layer has to understand that DOM objects
might have multiple wrappers and the bindings layer has to select the
right wrapper at the right time.  The goal of the tests is to ensure
that the bindings layer always selects the right wrapper, etc.  The
tests won't depend on the rest of the extension system in any way.
For example, none of the extension APIs will be visible to the tests.

At a higher level, I could certainly go with option (3) and put the
tests at chromium.org, but then you'd see a bunch of patches to
WebCore/bindings/v8 without tests and I'd have to land the fixes and
the tests in different commits to different trees.

> If this isolated world concept was not specific to chromium -- eg. it was
> being exposed potentially as a "sandboxing" api for web content such that a
> page would be able provide an execution context for untrusted executable
> content, but this sounds like it is specifically for extensions in a webkit
> client application.

That's conceivable, but I know of no such proposal.

Adam