[Webkit-unassigned] [Bug 32368] New: Add defensive initialization of iframe sandbox flags

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 10 01:50:38 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=32368

           Summary: Add defensive initialization of iframe sandbox flags
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P3
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: patrik.j.persson at ericsson.com
                CC: darin at apple.com


This is a followup to bug 21288, which concerned the implementation of
the HTML5 iframe sandbox attribute.  I'm curious whether it would be
possible to use more defensive initial values for the sandbox flags
than the current default of "SandboxNone" (indicating no sandboxing at
all).

This defensive technique is, to me, primarily about finding current
bugs and preventing future ones.  It is a design challenge rather than
a functional bug, so I don't have a test case to share.

Three classes contain such sandbox flags: HTMLFrameOwnerElement,
FrameLoader and SecurityOrigin.  I imagine three steps:

  1. On object instantiation, the sandbox flags are set to a defensive
     default value (SandboxAll, possibly including a special flag
     indicating an illegal value).

  2. At some point between 1 and 3, we know of a better value for the
     sandbox flags, and assign that value to the flags.

  3. We now start making decisions based on the sandbox flags.  To
     ensure that step 2 actually happened, we could ASSERT that the
     flag for an illegal value is not set.

The design challenge is to ensure step 2 always happens before step 3.
It was straightforward for the FrameLoader (that part was included in
the landed patch for bug 21288), but not for HTMLFrameOwnerElement and
SecurityOrigin.  I wrote down some observations on this in the thread
for bug 21288, comment #58:

https://bugs.webkit.org/show_bug.cgi?id=21288#c58

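The three-step scheme described in the report, as an added C++ sketch that is not WebKit's code: the FrameOwner class, the SandboxUninitialized marker bit, the restriction names and the counter used in place of ASSERT are all assumptions made for this example.

```cpp
#include <cstdint>

// Bitmask of sandbox restrictions. Restriction names follow the HTML5 sandbox
// model; the marker bit and the class are constructed for this example.
enum SandboxFlag : uint32_t {
    SandboxNone          = 0,        // no sandboxing at all (the current default)
    SandboxPlugins       = 1u << 0,
    SandboxForms         = 1u << 1,
    SandboxScripts       = 1u << 2,
    SandboxAll           = 0xFFFFu,  // every restriction bit
    SandboxUninitialized = 1u << 31  // illegal-value marker: step 2 has not run
};
typedef uint32_t SandboxFlags;

class FrameOwner {
public:
    // Step 1: most restrictive value plus the illegal-value marker.
    FrameOwner() : m_sandboxFlags(SandboxAll | SandboxUninitialized), m_uninitializedUses(0) {}
    // Step 2: the one place the real flags are assigned; clears the marker.
    void setSandboxFlags(SandboxFlags flags) { m_sandboxFlags = flags & ~SandboxUninitialized; }
    bool isInitialized() const { return !(m_sandboxFlags & SandboxUninitialized); }
    // Step 3: every policy decision passes through here. In WebKit this would be
    // ASSERT(isInitialized()); here the violation is counted so it can be tested,
    // and the decision fails closed (fully sandboxed) instead of silently allowing.
    bool isSandboxed(SandboxFlags restriction) {
        if (!isInitialized()) {
            ++m_uninitializedUses;
            return true;
        }
        return (m_sandboxFlags & restriction) != 0;
    }
    int uninitializedUses() const { return m_uninitializedUses; }
private:
    SandboxFlags m_sandboxFlags;
    int m_uninitializedUses;
};

// Step 2 forgotten: returns how many decisions the marker caught (2).
int decisionsOnUninitializedFlags() {
    FrameOwner owner;                      // step 1 only
    owner.isSandboxed(SandboxScripts);     // step 3 without step 2: caught, fails closed
    owner.isSandboxed(SandboxForms);
    return owner.uninitializedUses();
}
// Intended order: true when scripts are blocked, plugins are not, nothing caught.
bool decisionsAfterAssignment() {
    FrameOwner owner;                      // step 1
    owner.setSandboxFlags(SandboxScripts); // step 2: flags derived from the attribute
    return owner.isSandboxed(SandboxScripts) && !owner.isSandboxed(SandboxPlugins)
        && owner.uninitializedUses() == 0;
}
```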