[Webkit-unassigned] [Bug 204880] Automation: scripts are executed in the wrong js context after a history navigation

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 7 10:02:19 PST 2020


--- Comment #8 from Joseph Pecoraro <joepeck at webkit.org> ---
Comment on attachment 384891
  --> https://bugs.webkit.org/attachment.cgi?id=384891

View in context: https://bugs.webkit.org/attachment.cgi?id=384891&action=review

>>>> Source/WebKit/WebProcess/Automation/WebAutomationSessionProxy.js:28
>>>> +var WebKitAutomation = {};
>>> Does this mean that `WebKitAutomation` is now visible as `window.WebKitAutomation` in the page?
>> Yes. We could use a document property instead like chromium does. Or we could even try to use an isolated world for automation. The other option would be to keep the lifetime of the automation object from C++ like we currently do, but we need a reliable way to release the object when the js context of the frame changes.
> We can't use an isolated world, because we are expected to have access to global object properties from scripts.

You could probably use PrivateNames, like JavaScriptCore does for its built-in scripts. It would never be observable from user script but would exist in their world.

There are two such facilities:

   1. <JavaScriptCore/JSObjectRefPrivate.h>
    JS_EXPORT bool JSObjectSetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName, JSValueRef value);
    JS_EXPORT JSValueRef JSObjectGetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSStringRef propertyName);

   2. <JavaScriptCore/PrivateName.h>
    These PrivateNames are like symbols.
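The contrast drawn in this comment, as an added illustration that is not WebKit's code and not the JavaScriptCore private-name API itself: a plain global property is observable and writable by any script in the page, whereas an object held out of reach of page script (here a WeakMap keyed by the frame's global object stands in for a JSC private name) is neither, and it is also naturally tied to the lifetime of the context it belongs to. The `makeContext`, `installAsGlobalProperty`, `installPrivately` and `observableFromPageScript` names are invented for this example; ECMAScript `Symbol`s would not give the same hiding, since `Object.getOwnPropertySymbols` exposes them.

```javascript
// Added example (not WebKit's code). Simulates attaching a per-context
// automation object in the two ways contrasted in the comment above.

// Approach A: a plain global property, which is what a top-level
// `var WebKitAutomation = {};` in an injected script creates.
function installAsGlobalProperty(globalObject) {
  globalObject.WebKitAutomation = { context: globalObject };
  return globalObject.WebKitAutomation;
}

// Approach B: keep the object keyed by the global object of the frame's JS
// context, unreachable from page script (stand-in for a JSC private name /
// JSObjectSetPrivateProperty). The entry dies with its context, so a new
// context after a navigation gets a fresh object instead of a stale one.
const automationByContext = new WeakMap();

function installPrivately(globalObject) {
  let automation = automationByContext.get(globalObject);
  if (!automation) {
    automation = { context: globalObject };
    automationByContext.set(globalObject, automation);
  }
  return automation;
}

// Everything an untrusted page script could use to notice the object.
function observableFromPageScript(globalObject) {
  return (
    'WebKitAutomation' in globalObject ||
    Reflect.ownKeys(globalObject).includes('WebKitAutomation')
  );
}

// Stand-in for a frame's global object; "the js context of the frame
// changes" (e.g. history navigation) is simulated by creating a new one.
function makeContext() {
  return Object.create(null);
}

function demo() {
  // Approach A: visible to page script and replaceable by it.
  const ctxA = makeContext();
  const a = installAsGlobalProperty(ctxA);
  const visibleA = observableFromPageScript(ctxA);
  ctxA.WebKitAutomation = 'replaced by page script';
  const replacedA = ctxA.WebKitAutomation !== a;

  // Approach B: invisible to page script, stable within one context.
  const ctxB = makeContext();
  const b = installPrivately(ctxB);
  const visibleB = observableFromPageScript(ctxB);
  const sameB = installPrivately(ctxB) === b;

  // After a navigation the frame has a new context; the old automation
  // object must not be reused (the situation this bug is about).
  const ctxAfterNav = makeContext();
  const bAfter = installPrivately(ctxAfterNav);
  const freshAfterNav = bAfter !== b && bAfter.context === ctxAfterNav;

  return { visibleA, replacedA, visibleB, sameB, freshAfterNav };
}
```

Calling `demo()` returns `visibleA`/`replacedA` true and `visibleB` false, with `sameB` and `freshAfterNav` true: the hidden object is the same one for repeated lookups in a single context, and a different one once the context changes.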
