[webkit-reviews] review denied: [Bug 48375] Need delegate calls in PageLoaderClient to indicate if we have loaded insecure content : [Attachment 71940] proposed patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 26 14:56:22 PDT 2010


Sam Weinig <sam at webkit.org> has denied Alexey Proskuryakov <ap at webkit.org>'s
request for review:
Bug 48375: Need delegate calls in PageLoaderClient to indicate if we have
loaded insecure content
https://bugs.webkit.org/show_bug.cgi?id=48375

Attachment 71940: proposed patch
https://bugs.webkit.org/attachment.cgi?id=71940&action=review

------- Additional Comments from Sam Weinig <sam at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=71940&action=review

> WebKit2/ChangeLog:11
> +	   Added the delegate. Just like the bundle version, it misses
WebOrigin parameter that Mac
> +	   delegate call used to have. It doesn't seem necessary for clients.
> +

I believe the origin is necessary to implement origin tainting (eg. if a page
in one origin runs insecure content, we need to taint all other pages in that
origin).  This tracking may be something we should do in WebCore in WebKit
instead of in the app though.

> WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:785
> +
> +    RefPtr<APIObject> userData;
> +   
WebProcess::shared().connection()->send(Messages::WebPageProxy::DidDisplayInsec
ureContentForFrame(m_frame->frameID(),
InjectedBundleUserMessageEncoder(userData.get())), webPage->pageID());
>  }

This is just passing a null userData to the UIProcess.	We either need to pass
the userData to the bundle callback or not pass it to the UIProcess.

> WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:796
>     
webPage->injectedBundleLoaderClient().didRunInsecureContentForFrame(webPage,
m_frame);
> +
> +    RefPtr<APIObject> userData;
> +   
WebProcess::shared().connection()->send(Messages::WebPageProxy::DidRunInsecureC
ontentForFrame(m_frame->frameID(),
InjectedBundleUserMessageEncoder(userData.get())), webPage->pageID());

Here too.


More information about the webkit-reviews mailing list