[Webkit-unassigned] [Bug 43928] New: Web Inspector: Nested fake workers don't handle about:blank url

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 12 12:19:54 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=43928

           Summary: Web Inspector: Nested fake workers don't handle
                    about:blank url
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://inst.eecs.berkeley.edu/~pathorn/workers.html
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pathorn at chromium.org
                CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
                    pmuellr at yahoo.com, joepeck at webkit.org,
                    pfeldman at chromium.org, yurys at chromium.org,
                    bweinstein at apple.com, caseq at chromium.org


Created an attachment (id=64247)
 --> (https://bugs.webkit.org/attachment.cgi?id=64247)
If URL is about:blank, use __devtools.location instead.

I have an application which uses subworkers if available, as described in MDC here:
https://developer.mozilla.org/en/Using_web_workers#Spawning_subworkers

When debugging workers is enabled, creating the worker fails in the URI class because location.href of the iframe is always about:blank. The call which passes in the bad location is:
scriptURL = this._expandURLAndCheckOrigin(document.baseURI, location.href, url);

My proposed fix is to lookup the origin in the same way as _importScripts, by using the location set by the parent frame.
I'm fairly certain this will not cause a XSS hole because the iframe is an about:blank URL, which means that no malicious code should not be able to affect the parent page--the __devtools variable could be faked but must have been set by the parent page, which implies some trust.

The attached diff allows subworkers to work when the debug box is checked. (The fibbonacci page produces the right answer 55)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list