Chromium Code Reviews

Unified Diff: content/common/frame_replication_state.h

Issue 1098763003: Send origin updates to frame proxies when a frame navigates to new origin. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix Windows builds (add missing base:: to UTF16toASCII) Created 5 years, 8 months ago
Index: content/common/frame_replication_state.h
diff --git a/content/common/frame_replication_state.h b/content/common/frame_replication_state.h
index f6cfa9407d67fd5ac00486d0e8cdc4cc60c51288..77ec8596466b58167e9dac7c51996f68a90809e6 100644
--- a/content/common/frame_replication_state.h
+++ b/content/common/frame_replication_state.h
@@ -48,15 +48,42 @@ struct CONTENT_EXPORT FrameReplicationState {
FrameReplicationState(const std::string& name);
~FrameReplicationState();
- // Current serialized security origin of the frame. Unique origins are
- // represented as the string "null" per RFC 6454.
+ // Current serialized security origin of the frame. Unique origins are
+ // represented as the string "null" per RFC 6454. This field is updated
+ // whenever a frame navigation commits.
+ //
+ // TODO(alexmos): For now, |origin| updates are immediately sent to all frame
+ // proxies when in --site-per-process mode. This isn't ideal, since Blink
+ // typically needs a proxy's origin only when performing security checks on
+ // the ancestors of a local frame. So, as a future improvement, we could
+ // delay sending origin updates to proxies until they have a local descendant
+ // (if ever). This would reduce leaking a user's browsing history into a
+ // compromized renderer.
url::Origin origin;
- // Current sandbox flags of the frame.
+ // Current sandbox flags of the frame. |sandbox_flags| are initialized for
+ // new child frames using the value of the <iframe> element's "sandbox"
+ // attribute. They are updated dynamically whenever a parent frame updates an
+ // <iframe>'s sandbox attribute via JavaScript.
+ //
+ // Updates to |sandbox_flags| are sent to proxies, but only after a
+ // subsequent navigation of the (sandboxed) frame, since the flags only take
+ // effect on navigation (see also FrameTreeNode::effective_sandbox_flags_).
+ // The proxies need updated flags so that they can be inherited properly if a
+ // proxy ever becomes a parent of a local frame.
SandboxFlags sandbox_flags;
// The assigned name of the frame. This name can be empty, unlike the unique
// name generated internally in the DOM tree.
+ //
+ // |name| is set when a new child frame is created using the value of the
+ // <iframe> element's "name" attribute (see
+ // RenderFrameHostImpl::OnCreateChildFrame), and it is updated dynamically
+ // whenever a frame sets its window.name.
+ //
+ // |name| updates are immediately sent to all frame proxies (when in
+ // --site-per-process mode), so that other frames can look up or navigate a
+ // frame using its updated name (e.g., using window.open(url, frame_name)).
std::string name;
// TODO(alexmos): Eventually, this structure can also hold other state that
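Review bot: The rewritten |origin| comment still says "serialized security origin ... represented as the string "null"", which no longer matches the field type `url::Origin origin;` directly below it; since the member is a url::Origin rather than a string, suggest "Current security origin of the frame. Unique origins serialize as "null" per RFC 6454." Nit in the TODO paragraph: "compromized" should be "compromised". Also, that TODO describes a concrete risk (leaking a user's browsing history into a compromised renderer via eager origin broadcasts to proxies), so it would be worth pointing at a tracking bug rather than leaving it only as an inline TODO.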