[webkit-qt] A quick question regarding bindings of webcore and jsc

yz8ra yz8ra at virginia.edu
Tue Aug 24 18:55:57 PDT 2010


Hi all,

I am a graduate student at the University of Virginia, looking to improve some security features of WebKit, and I am currently looking at the IsolatedWorld mechanism specifically. I wish to broaden its usage to protect webpages against embedded third-party scripts.

I have a question here: 

In class DOMWrapperWorld (WebCore/bindings/js/DOMWrapperWorld.h), there are two variables: JSC::JSGlobalData* m_globalData; and HashSet<Document*> m_documentsWithWrapperCaches;

Upon initialization of the script execution, the DOMWrapperWorld is later used to create a JSDOMWindowShell, which contains two variables: JSDOMWindow* m_window; and the world itself. Correct me if I am wrong, but this Windowshell is later used to create an ExecState variable and then passed on to JavaScriptCore as the script runtime environment.

I want to know where the JavaScript document tree object of the webpage resides. Clearly the DOMWrapperWorld has a hashmap variable of document class; however, I don't see any code touching that variable. In other words, when the browser encounters a script like "var a = 10;", where does the browser store this variable? I assume it's gonna store it in one of the above-mentioned data structures...

Many thanks in advance,

Best, 

2010-08-24 



Yuchen Zhou
Graduate student pursuing PhD degree
Computer Engineering Department
University of Virginia