[Webkit-unassigned] [Bug 205717] User Script Sandboxing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 5 11:00:39 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=205717

--- Comment #3 from Garvan Keeley <garvankeeley at gmail.com> ---
> Brave iOS uses a UUID-namespaced JS object for their WKUserScript injected JS, putting all injected JS in a runtime-generated non-introspectable parent object. This seems secure for native-to-JS; I haven't investigated if this is hackable for JS-to-native.

Actually, Object.getOwnPropertyNames would show those functions, so my comment is incorrect. Maybe someone from Brave can chime in on their method to secure their WKUserScript JS.
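
The observation in the comment above, as an added example that is not part of the original message and is not Brave's or WebKit's code: a randomly named property on the global object stays discoverable through Object.getOwnPropertyNames even when it is non-enumerable, while helpers kept in a closure leave nothing to list. The plain objects standing in for the page global, the function names and the baseline name list are all assumptions made so the script runs under Node.

```javascript
// Added illustration; every name here is hypothetical.
// Plain objects stand in for the page's global object so this runs in Node.

// Constructed stand-in for a runtime-generated UUID-style name.
function randomName() {
  let s = "";
  for (let i = 0; i < 32; i++) s += Math.floor(Math.random() * 16).toString(16);
  return "ns_" + s;
}

// Pattern A: helpers parked on the global under a random, non-enumerable name.
function injectNamespaced(globalObj) {
  const name = randomName();
  Object.defineProperty(globalObj, name, {
    value: { sendToNative(msg) { return "posted:" + msg; } },
    enumerable: false, writable: false, configurable: false,
  });
  return name;
}

// Pattern B: helpers live only in a closure; nothing is attached to the global.
function injectClosure(globalObj) {
  (function () {
    const sendToNative = (msg) => "posted:" + msg;
    void sendToNative; void globalObj; // referenced only inside this scope
  })();
}

// Own property names present now that were not in the baseline list.
function discoverAdded(globalObj, baseline) {
  const known = new Set(baseline);
  return Object.getOwnPropertyNames(globalObj).filter((n) => !known.has(n));
}

function demo() {
  const a = { document: {}, location: {} };
  const baseA = Object.getOwnPropertyNames(a);
  const secret = injectNamespaced(a);
  const b = { document: {}, location: {} };
  const baseB = Object.getOwnPropertyNames(b);
  injectClosure(b);
  const foundInA = discoverAdded(a, baseA);
  return {
    secret,
    hiddenFromKeys: !Object.keys(a).includes(secret), // Object.keys skips it
    foundInA,                                         // getOwnPropertyNames does not
    foundInB: discoverAdded(b, baseB),
    reachable: typeof a[foundInA[0]].sendToNative === "function",
  };
}
```
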
