[Webkit-unassigned] [Bug 186593] User gesture context is not passed via MessageChannel

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 15 03:14:14 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=186593

--- Comment #5 from Frédéric Wang (:fredw) <fred.wang at free.fr> ---
Created attachment 342800

  --> https://bugs.webkit.org/attachment.cgi?id=342800&action=review

Patch

Here is a quick proof-of-concept patch that just propagates the current user gesture via MessageWithMessagePorts. That seems to make Dima's test case work as expected.

(In reply to Brady Eidson from comment #3)
> MessageChannels can cross browsing contexts in newly radical ways (e.g. web
> page -> service worker context), making the bug surface significantly larger.
> 
> The fallout from "blessing" them with the user gesture flag should be
> carefully considered.

I agree, I think we would need feedback from security reviewers to be sure whether this change of behavior is acceptable.

It seems Chromium developers are considering allowing that (cf. the See Also link) once they enable their new refactored code. Maybe they could give us their stance on this.
