[Webkit-unassigned] [Bug 32554] New: Create injected script instance per inspected frame context
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 15 05:42:55 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=32554
Summary: Create injected script instance per inspected frame
context
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: ASSIGNED
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: yurys at chromium.org
CC: timothy at hatcher.name, abarth at webkit.org,
pfeldman at chromium.org
Blocks: 31587
Currently there is one InjectedScript instance per inspected page which means
that it has access to all frames contents. This may lead to security problems.
To protect against them WebKit uses quaranined objects, Chromium currently has
utility context which basically has the same proviledges as the main frame in
the page. Would much better to have each InjectedScript instance access exactly
one frame and send all data in serialized form to the frontend by means of
InjectedScriptHost.
This should allow inspecting iframes from different domains and should make it
possible to get rid of quarantined objects since all the communication with the
inspected frame would be serialized:
Inspected Frame <--> InjectedScript -->o-- InjectedScriptHost -->
InspectorFrontend
(all the messages between InjectedScript and InjectedScriptHost should be
serialized).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list