[webkit-reviews] review denied: [Bug 35773] [chromium] add logging of cross-frame property accesses for site isolation : [Attachment 51468] patch using FrameLoaderClient

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 24 00:04:47 PDT 2010 

Darin Fisher (:fishd, Google) <fishd at chromium.org> has denied John Gregg
<johnnyg at google.com>'s request for review:
Bug 35773: [chromium] add logging of cross-frame property accesses for site
isolation
https://bugs.webkit.org/show_bug.cgi?id=35773

Attachment 51468: patch using FrameLoaderClient
https://bugs.webkit.org/attachment.cgi?id=51468&action=review

------- Additional Comments from Darin Fisher (:fishd, Google)
<fishd at chromium.org>
ndex: WebCore/bindings/v8/V8Utilities.cpp
...
> +void logSiteIsolationAccess(v8::Local<v8::String> name, const
v8::AccessorInfo& info)
> +{
> +    Frame* target = V8DOMWindow::toNative(info.Holder())->frame();
> +    Frame* active = V8BindingState::Only()->getActiveWindow()->frame();
> +    if (target == active)
> +	   return;
> +
> +    bool crossSite =
!V8BindingSecurity::canAccessFrame(V8BindingState::Only(), target, false);
> +    String propName = toWebCoreString(name);
> +
> +    // For cross-site, we also want to identify the current event to record
repeat accesses.

It would be helpful if this comment explained why we want to do this for
cross-site only.

What happens if this code is reached from within an isolated world?


> +    unsigned long long eventId = 0;
> +    if (crossSite) {
> +	   v8::HandleScope handleScope;
> +	   v8::Handle<v8::Context> v8Context =
V8Proxy::mainWorldContext(active);
> +	   if (!v8Context.IsEmpty()) {
> +	       v8::Context::Scope scope(v8Context);
> +	       v8::Handle<v8::Object> global = v8Context->Global();
> +	       v8::Handle<v8::Value> jsEvent =
global->Get(v8::String::NewSymbol("event"));
> +	       if (V8DOMWrapper::isValidDOMObject(jsEvent))
> +		   eventId = (unsigned long long)
V8Event::toNative(v8::Handle<v8::Object>::Cast(jsEvent));
> +	   }
> +    }
> +    active->loader()->client()->didMakeCrossFrameAccess(crossSite, propName,
eventId);
> +}

it might be nice to make these function names, logSiteIsolationAccess and
didMakeCrossFrameAccess, be related.  also, isn't this code running *before*
the cross frame access?  probably that "did" should be a "will"?

could it be useful to pass the target frame as a parameter to
didMakeCrossFrameAccess?  then, the embedder could gather additional
information from the target frame if needed.  maybe that is not useful?


> Index: WebKit/chromium/public/WebFrameClient.h
...
> +    // Notifies that a cross-frame access was made.
> +    virtual void didMakeCrossFrameAccess(WebFrame*, bool crossOrigin, const
WebString& property, unsigned long long) { }

nit: please name the 'unsigned long long' argument.
nit: the comment is redundant with the method name, so it should probably be
eliminated.

More information about the webkit-reviews mailing list