[Webkit-unassigned] [Bug 43928] New: Web Inspector: Nested fake workers don't handle about:blank url
bugzilla-daemon at webkit.org
Thu Aug 12 12:19:54 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=43928
Summary: Web Inspector: Nested fake workers don't handle about:blank url
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
URL: http://inst.eecs.berkeley.edu/~pathorn/workers.html
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Web Inspector
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: pathorn at chromium.org
CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
pmuellr at yahoo.com, joepeck at webkit.org,
pfeldman at chromium.org, yurys at chromium.org,
bweinstein at apple.com, caseq at chromium.org
Created an attachment (id=64247)
--> (https://bugs.webkit.org/attachment.cgi?id=64247)
If URL is about:blank, use __devtools.location instead.
I have an application which uses subworkers if available, as described in MDC here:
https://developer.mozilla.org/en/Using_web_workers#Spawning_subworkers
When debugging workers is enabled, creating the worker fails in the URI class because location.href of the iframe is always about:blank. The call which passes in the bad location is:
scriptURL = this._expandURLAndCheckOrigin(document.baseURI, location.href, url);
My proposed fix is to look up the origin in the same way as _importScripts, by using the location set by the parent frame.
I'm fairly certain this will not cause an XSS hole because the iframe is an about:blank URL, which means that no malicious code should be able to affect the parent page--the __devtools variable could be faked but must have been set by the parent page, which implies some trust.
The attached diff allows subworkers to work when the debug box is checked. (The Fibonacci page produces the right answer 55)
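As an added illustration (not the attached patch and not WebKit's code), here is the resolution failure the report describes and the fallback the reporter proposes, with the same-origin check kept in place; the frame object shape and the function names are assumptions:

```javascript
// Added example, not WebKit code. Models how a fake-worker URL resolver fails
// when the hosting iframe reports about:blank, and a fallback that uses the
// location the parent frame stored in __devtools (as the proposed fix does).
// Names (expandURLAndCheckOrigin's behaviour, resolveWorkerScriptURL) are hypothetical.

function expandURLAndCheckOrigin(baseURI, locationHref, url) {
  let base;
  try {
    base = new URL(baseURI);
  } catch (e) {
    throw new Error("Cannot resolve script URL: invalid base " + baseURI);
  }
  // about:blank has no usable origin, so resolution must fail here.
  if (base.protocol === "about:") {
    throw new Error("Cannot resolve script URL against " + baseURI);
  }
  const resolved = new URL(url, base);
  const origin = new URL(locationHref).origin;
  // Keep the same-origin check: a subworker may only load scripts from its own origin.
  if (resolved.origin !== origin) {
    throw new Error("Worker script " + resolved.href + " is not same-origin with " + origin);
  }
  return resolved.href;
}

// `frame` mimics the iframe's globals:
//   { document: { baseURI }, location: { href }, __devtools: { location } }
// When the frame is about:blank, use the parent-provided __devtools.location
// as both base and origin source, as the reporter's fix does.
function resolveWorkerScriptURL(frame, url) {
  let baseURI = frame.document.baseURI;
  let href = frame.location.href;
  if (href === "about:blank") {
    if (!frame.__devtools || !frame.__devtools.location) {
      throw new Error("about:blank frame without a parent-provided location");
    }
    baseURI = frame.__devtools.location;
    href = frame.__devtools.location;
  }
  return expandURLAndCheckOrigin(baseURI, href, url);
}
```

A nested frame with no __devtools.location reproduces the failure; with one set, "sub.js" resolves relative to the parent worker's script and a cross-origin script is still rejected.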