[Webkit-unassigned] [Bug 42515] console() and Private Browsing
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 21 08:16:52 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42515
--- Comment #2 from Robert Hogan <robert at webkit.org> 2010-07-21 08:16:53 PST ---
(In reply to comment #1)
> I'm not sure if these checks are needed with the current Console design - the console is cleared when navigating to another document, so someone in possession of your computer won't be able to see the logs to discover out your browsing history.
Yes, the current situation is neither fish nor fowl. The following have addMessage() calls that need at least the same protection in privateBrowsing mode as the ones listed previously, in other words they also contain URL information which seems to have been the criterion for protecting printErrorMessageForFrame() and co:
XSSAuditor::canLoadObject()
WebSocket::connect()
While WebCore ditches console messages each time it navigates to a new document, it's likely that clients are having to manage the storage of console messages when switching out of private browsing as well.
If Console::canPrintExceptions() is true it will write everything to stdout - does Safari ensure that canPrintExceptions() is false in private browsing or is canPrintExceptions() exposed to users at all?
So WebCore should either care about console messages in private browsing or not. If it cares it should probably switch off nearly all console messages and ensure canPrintExceptions() is false.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list