[Webkit-unassigned] [Bug 32554] New: Create injected script instance per inspected frame context

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 15 05:42:55 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=32554

           Summary: Create injected script instance per inspected frame
                    context
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: ASSIGNED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: yurys at chromium.org
                CC: timothy at hatcher.name, abarth at webkit.org,
                    pfeldman at chromium.org
            Blocks: 31587


Currently there is one InjectedScript instance per inspected page, which means
that it has access to all frames' contents. This may lead to security problems.
To protect against them WebKit uses quarantined objects; Chromium currently has
a utility context which basically has the same privileges as the main frame in
the page. It would be much better to have each InjectedScript instance access
exactly one frame and send all data in serialized form to the frontend by means
of InjectedScriptHost.

This should allow inspecting iframes from different domains and should make it
possible to get rid of quarantined objects since all the communication with the
inspected frame would be serialized:
Inspected Frame <--> InjectedScript -->o-- InjectedScriptHost --> InspectorFrontend
(all the messages between InjectedScript and InjectedScriptHost should be
serialized).

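A minimal JavaScript model of the design proposed in the report above, added here as an illustration and not taken from WebKit or Chromium: one injected-script instance per frame, with only JSON strings crossing to the host. Only the names InjectedScript and InjectedScriptHost come from the report; the class bodies, the methods `attach`, `dispatch`, `evaluateGlobal` and `getProperties`, the frame ids and the sample data are assumptions.

```javascript
// Illustrative model only: bodies, method names and data are assumptions, not WebKit source.
class InjectedScript {
  constructor(frame) {
    this.frame = frame;          // the single frame this instance may touch
    this.objects = new Map();    // live references never leave this table
    this.nextId = 1;
  }
  wrap(value) {
    if (value === null || typeof value !== 'object') {
      return { type: value === null ? 'null' : typeof value, value };
    }
    const objectId = this.nextId++;
    this.objects.set(objectId, value);
    return { type: 'object', objectId }; // a handle, not the object
  }
  evaluateGlobal(name) { return this.wrap(this.frame.globals[name]); }
  getProperties(objectId) {
    const obj = this.objects.get(objectId);
    if (obj === undefined) return { error: 'unknown objectId' };
    return Object.keys(obj).map((k) => ({ name: k, value: this.wrap(obj[k]) }));
  }
}

class InjectedScriptHost {
  constructor() { this.scripts = new Map(); }
  attach(frameId, frame) { this.scripts.set(frameId, new InjectedScript(frame)); }
  // Takes and returns JSON strings, so no object reference can cross.
  dispatch(messageJson) {
    const { frameId, method, args } = JSON.parse(messageJson);
    const script = this.scripts.get(frameId);
    if (!script || !['evaluateGlobal', 'getProperties'].includes(method)) {
      return JSON.stringify({ error: 'bad request' });
    }
    return JSON.stringify({ result: script[method](...args) });
  }
}

function demo() {
  const host = new InjectedScriptHost();
  // Constructed sample frames from two different origins.
  host.attach('main', { origin: 'https://a.example', globals: { user: { name: 'alice', session: {} } } });
  host.attach('ad', { origin: 'https://b.example', globals: { config: { slot: 3 } } });
  const call = (frameId, method, ...args) =>
    JSON.parse(host.dispatch(JSON.stringify({ frameId, method, args }))).result;
  const user = call('main', 'evaluateGlobal', 'user');
  const props = call('main', 'getProperties', user.objectId);
  const crossFrame = call('ad', 'getProperties', user.objectId); // handle means nothing here
  return { user, props, crossFrame };
}
```

A handle issued by one frame's instance resolves only inside that instance, so the frontend never holds a reference that reaches into another frame.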