[Webkit-unassigned] [Bug 63257] When blocking localStorage, Firefox throws a security exception on access, and maybe so should we

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 18 15:59:16 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=63257





--- Comment #31 from jochen at chromium.org  2012-10-18 16:00:10 PST ---
(From update of attachment 169176)
View in context: https://bugs.webkit.org/attachment.cgi?id=169176&action=review

>> Source/WebCore/page/DOMWindow.cpp:749
>> +        if (!m_sessionStorage->area()->canAccessStorage(m_frame)) {
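Review bot: the reason for checking canAccessStorage() in the accessor at DOMWindow.cpp:749 is not evident from the condition itself. A one-line comment above the `if` saying that reading the window attribute must itself fail when storage is blocked would keep this check from later being removed as redundant with the per-method checks.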
> 
> Are these canAccessStorage() tests really needed for the window.sessionStorage and the window.localStorage accessors? Each method within the storage itself has been modified to test internally; this extra layer of checking on the window attribute value means we'll generally be checking twice per operation, and the first check will incur the larger cost since it's bypassing the cached value.
> 
> And if the check on the window attribute value really is needed... as coded it's bypassing the area's cached value and will incur the full cost of looking up the policy value. Could this check utilize the cached value?
> 
> Answering that first question first would be good. If we could avoid the test for the window attribute access all the better.

In Firefox, foo = window.sessionStorage will already throw an exception, and since it's about matching that behavior, I'd say the test is required.

>> Source/WebKit/chromium/src/StorageAreaProxy.cpp:137
>> +    if (UNLIKELY(!frame || !frame->page()))
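Review bot: the `!frame` half of the guard at StorageAreaProxy.cpp:137 carries no stated reason. If a null frame cannot reach this function, an ASSERT(frame) followed by the `!frame->page()` test would state that invariant and leave UNLIKELY covering only the case that can occur; if it can be null, a short comment naming that case would help.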
> 
> Is there any case where 'frame' would be NULL? Not saying there isn't, just asking.

I think there's none, just page can be null (see the detached iframe layout test).
