[Webkit-unassigned] [Bug 63257] When blocking localStorage, Firefox throws a security exception on access, and maybe so should we

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 18 15:47:52 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=63257





--- Comment #30 from Michael Nordman <michaeln at google.com>  2012-10-18 15:48:46 PST ---
(From update of attachment 169176)
Thnx for moving the logic out of the bindings layer and into less voodoo'ish webcore classes.

View in context: https://bugs.webkit.org/attachment.cgi?id=169176&action=review

> Source/WebCore/page/DOMWindow.cpp:749
> +        if (!m_sessionStorage->area()->canAccessStorage(m_frame)) {
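
Review bot: on line 749 the chained call m_sessionStorage->area()->canAccessStorage(m_frame) dereferences the result of area() and passes m_frame through with no guard visible in the quoted line. If either can be null at this point, check before the call, or add a comment naming the invariant that guarantees they are not.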

Are these canAccessStorage() tests really needed for the window.sessionStorage and the window.localStorage accessors? Each method within the storage itself has been modified to test internally; this extra layer of checking on the window attribute value means we'll generally be checking twice per operation, and the first check will incur the larger cost since it's bypassing the cached value.

And if the check on the window attribute value really is needed... as coded it's bypassing the area's cached value and will incur the full cost of looking up the policy value. Could this check utilize the cached value?

Answering that first question first would be good. If we could avoid the test for the window attribute access all the better.

> Source/WebKit/chromium/src/StorageAreaProxy.cpp:137
> +    if (UNLIKELY(!frame || !frame->page()))
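
Review bot: the guard !frame || !frame->page() on line 137 singles out a missing frame or page, but the quoted line does not show which way that branch resolves. Since this sits on a storage access-control path, the branch should deny access rather than allow it, and a short comment stating when frame or page can be null would make that intent reviewable.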

Is there any case where 'frame' would be NULL? Not saying there isn't, just asking.
