[webkit-dev] On adding 'console.memory' API (and about the whole 'console' object.)

James Robinson jamesr at google.com
Fri Jun 4 12:31:44 PDT 2010


How?  Visited state information is not stored in the javascript heap (which
is what this object contains information about).

- James

On Fri, Jun 4, 2010 at 12:06 PM, David Hyatt <hyatt at apple.com> wrote:

> I'm fairly certain I could construct an attack on :visited history privacy
> using this object.
>
> dave
>
> On Jun 4, 2010, at 2:02 PM, Ojan Vafai wrote:
>
> On Fri, Jun 4, 2010 at 11:27 AM, Sam Weinig <sam.weinig at gmail.com> wrote:
>
>> After talking it over with some folks here at Apple, I want to formally
>> object to adding the Console.memory extension to the Console object and I
>> think we should remove support for Console.profiles as soon as we can.  They
>> both provide information to users that are not generally useful (beyond the
>> "continuous integration/buildbot" use-case which I think is of limited
>> utility) and therefore should not be exposed to the web.
>>
>
> Why is the continuous integration/buildbot use-case of limited utility? Or
> are you saying that Console.memory doesn't really support that use-case
> well? I think we want to make it as easy as possible for complex apps (e.g.
> email apps, mapping apps, etc.) to care about and monitor memory use.
>
> While I'm not convinced by the utility argument, I do buy the security
> argument. How would you feel about leaving the code in, but disabling it by
> default? Then it could be enabled by command-line or via a preference.
>
> That said, I'm OK with rolling back for now given that the code was
> committed without this discussion actually coming to a conclusion.
>
> Ojan
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>
>
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20100604/5f80349f/attachment.html>


More information about the webkit-dev mailing list