Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1939713003:
Dispatch events in isolated worlds, even if script execution is forbidden (Closed)
|
Created:
4 years, 7 months ago by jochen (gone - plz use gerrit) Modified:
4 years, 7 months ago CC:
blink-reviews, blink-reviews-bindings_chromium.org, chromium-reviews, jochen+watch_chromium.org, mlamouri+watch-test-runner_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionDispatch events in isolated worlds, even if script execution is forbidden
BUG=608286, 607072
R=mkwst@chromium.org
Committed: https://crrev.com/866d1237c72059624def2242e218a7dfe78b125e
Cr-Commit-Position: refs/heads/master@{#391197}
Patch Set 1 #
Total comments: 5
Patch Set 2 : updates #
Messages
Total messages: 20 (4 generated)
haraken@chromium.org changed reviewers: + haraken@chromium.org
https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) Would it be better to move the check into canExecuteScripts? (assuming that you really want to enable all extension stuff when JS is disabled.)
https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) On 2016/05/02 at 09:23:55, haraken wrote: > Would it be better to move the check into canExecuteScripts? (assuming that you really want to enable all extension stuff when JS is disabled.) I don't understand the patch, actually: why doesn't the call to `isInPrivateScriptIsolateWorld` in `canExecuteScripts` already handle this case?
On 2016/05/02 09:30:15, Mike West wrote: > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if > (scriptState->world().isMainWorld() && > !frame->script().canExecuteScripts(AboutToExecuteScript)) > On 2016/05/02 at 09:23:55, haraken wrote: > > Would it be better to move the check into canExecuteScripts? (assuming that > you really want to enable all extension stuff when JS is disabled.) > > I don't understand the patch, actually: why doesn't the call to > `isInPrivateScriptIsolateWorld` in `canExecuteScripts` already handle this case? Because a private script (i.e., Blink-in-JS) is a part of Blink's implementation, so it should always be enabled regardless of whether JS is enabled or disabled.
On 2016/05/02 at 09:31:45, haraken wrote: > On 2016/05/02 09:30:15, Mike West wrote: > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if > > (scriptState->world().isMainWorld() && > > !frame->script().canExecuteScripts(AboutToExecuteScript)) > > On 2016/05/02 at 09:23:55, haraken wrote: > > > Would it be better to move the check into canExecuteScripts? (assuming that > > you really want to enable all extension stuff when JS is disabled.) > > > > I don't understand the patch, actually: why doesn't the call to > > `isInPrivateScriptIsolateWorld` in `canExecuteScripts` already handle this case? > > Because a private script (i.e., Blink-in-JS) is a part of Blink's implementation, so it should always be enabled regardless of whether JS is enabled or disabled. Interesting. I thought we removed that entirely. I think I agree that `canExecuteScripts` ought to be handling this check; it seems like you'd need to add it in more places to allow extensions to do all the things that extensions like to do, so centralizing the check seems advisable.
https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) On 2016/05/02 at 09:23:55, haraken wrote: > Would it be better to move the check into canExecuteScripts? (assuming that you really want to enable all extension stuff when JS is disabled.) then if an isolated world inserted a script into the main world, because we're still in the context of the isolated world when inserting the element. https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) On 2016/05/02 at 09:23:55, haraken wrote: > Would it be better to move the check into canExecuteScripts? (assuming that you really want to enable all extension stuff when JS is disabled.) then if an isolated world inserted a script into the main world, because we're still in the context of the isolated world when inserting the element.
https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) On 2016/05/02 09:41:52, jochen wrote: > On 2016/05/02 at 09:23:55, haraken wrote: > > Would it be better to move the check into canExecuteScripts? (assuming that > you really want to enable all extension stuff when JS is disabled.) > > then if an isolated world inserted a script into the main world, because we're > still in the context of the isolated world when inserting the element. Your point is that canExecuteScripts should take a ScriptState parameter and use the ScriptState instead of relying on isolate->GetCurrentContext()? (That makes sense to me.)
On 2016/05/02 at 09:45:59, haraken wrote: > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if (scriptState->world().isMainWorld() && !frame->script().canExecuteScripts(AboutToExecuteScript)) > On 2016/05/02 09:41:52, jochen wrote: > > On 2016/05/02 at 09:23:55, haraken wrote: > > > Would it be better to move the check into canExecuteScripts? (assuming that > > you really want to enable all extension stuff when JS is disabled.) > > > > then if an isolated world inserted a script into the main world, because we're > > still in the context of the isolated world when inserting the element. > > Your point is that canExecuteScripts should take a ScriptState parameter and use the ScriptState instead of relying on isolate->GetCurrentContext()? (That makes sense to me.) except, we don't have a script state everywhere we call that method :( also, I'd argue that the check for private scripts is wrong and only works because none of the scripts that depend on it are doing stuff like inserting script tags
On 2016/05/02 09:50:10, jochen wrote: > On 2016/05/02 at 09:45:59, haraken wrote: > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): > > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if > (scriptState->world().isMainWorld() && > !frame->script().canExecuteScripts(AboutToExecuteScript)) > > On 2016/05/02 09:41:52, jochen wrote: > > > On 2016/05/02 at 09:23:55, haraken wrote: > > > > Would it be better to move the check into canExecuteScripts? (assuming > that > > > you really want to enable all extension stuff when JS is disabled.) > > > > > > then if an isolated world inserted a script into the main world, because > we're > > > still in the context of the isolated world when inserting the element. > > > > Your point is that canExecuteScripts should take a ScriptState parameter and > use the ScriptState instead of relying on isolate->GetCurrentContext()? (That > makes sense to me.) > > except, we don't have a script state everywhere we call that method :( > > also, I'd argue that the check for private scripts is wrong and only works > because none of the scripts that depend on it are doing stuff like inserting > script tags Agreed. It would be wrong for the private scripts to use isolate->GetCurrentContext -- it should pass in a correct ScriptState to canExecuteScripts. > except, we don't have a script state everywhere we call that method :( Maybe should we pass in a DOMWrapperWorld? A ScriptState may not always be available, but a DOMWrapperWorld should be clarified when we're about to execute a script.
On 2016/05/02 at 10:08:34, haraken wrote: > On 2016/05/02 09:50:10, jochen wrote: > > On 2016/05/02 at 09:45:59, haraken wrote: > > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp (right): > > > > > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if > > (scriptState->world().isMainWorld() && > > !frame->script().canExecuteScripts(AboutToExecuteScript)) > > > On 2016/05/02 09:41:52, jochen wrote: > > > > On 2016/05/02 at 09:23:55, haraken wrote: > > > > > Would it be better to move the check into canExecuteScripts? (assuming > > that > > > > you really want to enable all extension stuff when JS is disabled.) > > > > > > > > then if an isolated world inserted a script into the main world, because > > we're > > > > still in the context of the isolated world when inserting the element. > > > > > > Your point is that canExecuteScripts should take a ScriptState parameter and > > use the ScriptState instead of relying on isolate->GetCurrentContext()? (That > > makes sense to me.) > > > > except, we don't have a script state everywhere we call that method :( > > > > also, I'd argue that the check for private scripts is wrong and only works > > because none of the scripts that depend on it are doing stuff like inserting > > script tags > > Agreed. It would be wrong for the private scripts to use isolate->GetCurrentContext -- it should pass in a correct ScriptState to canExecuteScripts. > > > except, we don't have a script state everywhere we call that method :( > > Maybe should we pass in a DOMWrapperWorld? A ScriptState may not always be available, but a DOMWrapperWorld should be clarified when we're about to execute a script. in most cases this would mean statically passing in the main world - the API is often used to just check the flag without executing any script.
On 2016/05/02 10:27:54, jochen wrote: > On 2016/05/02 at 10:08:34, haraken wrote: > > On 2016/05/02 09:50:10, jochen wrote: > > > On 2016/05/02 at 09:45:59, haraken wrote: > > > > > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > > > File third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp > (right): > > > > > > > > > > > > https://codereview.chromium.org/1939713003/diff/1/third_party/WebKit/Source/b... > > > > third_party/WebKit/Source/bindings/core/v8/V8EventListener.cpp:89: if > > > (scriptState->world().isMainWorld() && > > > !frame->script().canExecuteScripts(AboutToExecuteScript)) > > > > On 2016/05/02 09:41:52, jochen wrote: > > > > > On 2016/05/02 at 09:23:55, haraken wrote: > > > > > > Would it be better to move the check into canExecuteScripts? (assuming > > > that > > > > > you really want to enable all extension stuff when JS is disabled.) > > > > > > > > > > then if an isolated world inserted a script into the main world, because > > > we're > > > > > still in the context of the isolated world when inserting the element. > > > > > > > > Your point is that canExecuteScripts should take a ScriptState parameter > and > > > use the ScriptState instead of relying on isolate->GetCurrentContext()? > (That > > > makes sense to me.) > > > > > > except, we don't have a script state everywhere we call that method :( > > > > > > also, I'd argue that the check for private scripts is wrong and only works > > > because none of the scripts that depend on it are doing stuff like inserting > > > script tags > > > > Agreed. It would be wrong for the private scripts to use > isolate->GetCurrentContext -- it should pass in a correct ScriptState to > canExecuteScripts. > > > > > except, we don't have a script state everywhere we call that method :( > > > > Maybe should we pass in a DOMWrapperWorld? A ScriptState may not always be > available, but a DOMWrapperWorld should be clarified when we're about to execute > a script. > > in most cases this would mean statically passing in the main world - the API is > often used to just check the flag without executing any script. Then can we make the world parameter a default parameter pointing to the main world?
What about me filling a bug to consider doing this? I think changing this all over the place requires a careful review of all callsites as I don't want to accidentally allow running scripts if something gets hold of the wrong script state.
On 2016/05/02 16:05:51, jochen wrote: > What about me filling a bug to consider doing this? I think changing this all > over the place requires a careful review of all callsites as I don't want to > accidentally allow running scripts if something gets hold of the wrong script > state. LGTM, but add a TODO on the code you're introducing here.
The CQ bit was checked by jochen@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from haraken@chromium.org Link to the patchset: https://codereview.chromium.org/1939713003/#ps20001 (title: "updates")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1939713003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1939713003/20001
Message was sent while issue was closed.
Committed patchset #2 (id:20001)
Message was sent while issue was closed.
Description was changed from ========== Dispatch events in isolated worlds, even if script execution is forbidden BUG=608286,607072 R=mkwst@chromium.org ========== to ========== Dispatch events in isolated worlds, even if script execution is forbidden BUG=608286,607072 R=mkwst@chromium.org Committed: https://crrev.com/866d1237c72059624def2242e218a7dfe78b125e Cr-Commit-Position: refs/heads/master@{#391197} ==========
Message was sent while issue was closed.
Patchset 2 (id:??) landed as https://crrev.com/866d1237c72059624def2242e218a7dfe78b125e Cr-Commit-Position: refs/heads/master@{#391197} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
