Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2660643002:
Use an OOPIF-compatible call chain when finding the top-level frame (Closed)
|
Created:
3 years, 10 months ago by elawrence Modified:
3 years, 10 months ago CC:
chromium-reviews, mlamouri+watch-content_chromium.org, jam, vabr+watchlistpasswordmanager_chromium.org, rouslan+autofill_chromium.org, rogerm+autofillwatch_chromium.org, sebsg+autofillwatch_chromium.org, browser-components-watch_chromium.org, mathp+autofillwatch_chromium.org, darin-cc_chromium.org, vabr+watchlistautofill_chromium.org, estade+watch_chromium.org, gcasto+watchlist_chromium.org Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionKolos@ suggested engedy was more familiar with Password Manager+OOPIF.
Engedy@ can you please take a look?
---
Use an OOPIF-compatible call chain when finding the top-level frame
The ShowSuggestions autofill method must walk up the DOM hierarchy to
determine the security origin of the top-level markup. Because the
form may live in a different process than the top-level markup (due to
out-of-process iframes), we must use a method call chain that works
correctly across processes.
BUG=685982
Patch Set 1 #
Total comments: 1
Messages
Total messages: 24 (13 generated)
The CQ bit was checked by elawrence@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
elawrence@chromium.org changed reviewers: + mathp@chromium.org, nasko@chromium.org
Please have a look?
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== Use an OOPIF-compatible call chain when finding the top-level frame The ShowSuggestions autofill method must walk up the DOM hierarchy to determine the security origin of the top-level markup. Because the form may live in a different process than the top-level markup (due to out-of-process iframes), we must use a method call chain that works correctly across processes. BUG=685982 ========== to ========== Use an OOPIF-compatible call chain when finding the top-level frame The ShowSuggestions autofill method must walk up the DOM hierarchy to determine the security origin of the top-level markup. Because the form may live in a different process than the top-level markup (due to out-of-process iframes), we must use a method call chain that works correctly across processes. BUG=685982 ==========
mathp@chromium.org changed reviewers: + dvadym@chromium.org - mathp@chromium.org
mathp@chromium.org changed reviewers: + mathp@chromium.org
+dvadym is a more proper owner for password code here.
https://codereview.chromium.org/2660643002/diff/1/components/autofill/content... File components/autofill/content/renderer/password_autofill_agent.cc (right): https://codereview.chromium.org/2660643002/diff/1/components/autofill/content... components/autofill/content/renderer/password_autofill_agent.cc:858: render_frame()->GetWebFrame()->top()->getSecurityOrigin()) Can't we use getSecurityOrigin().isPotentiallyTrustworthy() here? The multiple conversions going on are too hard to follow and might lead to subtle mistakes.
https://codereview.chromium.org/2660643002/diff/1/components/autofill/content... > components/autofill/content/renderer/password_autofill_agent.cc:858: > render_frame()->GetWebFrame()->top()->getSecurityOrigin()) > Can't we use getSecurityOrigin().isPotentiallyTrustworthy() here? The multiple > conversions going on are too hard to follow and might lead to subtle mistakes. I can change this if you feel strongly about it. Currently isPotentiallyTrustworthy() has an ASSERT that the protocol isn't DATA, which means we'd need to special-case before entrance to that codepath to avoid crashing on Data URIs. There appear to be some other corner cases (e.g. FILE:) that we'd need to evaluate on a case-by-case basis. Our eventual goal is to change the nature of this check so that we don't look at the URL directly and instead query the state of the top-level Omnibox Security Chip-- if it's Not Secure or Dangerous, we'll show the in-form warning, otherwise we won't. That's a bigger plumbing project for a future CL.
elawrence@chromium.org changed reviewers: + kolos@chromium.org
dvadym is out until the 6th. kolos@, could you PTAL?
On 2017/01/30 15:23:45, elawrence wrote: > https://codereview.chromium.org/2660643002/diff/1/components/autofill/content... > > components/autofill/content/renderer/password_autofill_agent.cc:858: > > render_frame()->GetWebFrame()->top()->getSecurityOrigin()) > > Can't we use getSecurityOrigin().isPotentiallyTrustworthy() here? The multiple > > conversions going on are too hard to follow and might lead to subtle mistakes. > > I can change this if you feel strongly about it. Currently > isPotentiallyTrustworthy() has an ASSERT that the protocol isn't DATA, which > means we'd need to special-case before entrance to that codepath to avoid > crashing on Data URIs. There appear to be some other corner cases (e.g. FILE:) > that we'd need to evaluate on a case-by-case basis. > > Our eventual goal is to change the nature of this check so that we don't look at > the URL directly and instead query the state of the top-level Omnibox Security > Chip-- if it's Not Secure or Dangerous, we'll show the in-form warning, > otherwise we won't. That's a bigger plumbing project for a future CL. Let's make sure we don't crash, so LGTM on this CL. However, it will be good to clean this up. Also, can you file a bug for providing IsSecure() method on url::Origin itself? Why do we need to send it to a completely different method to judge that, one that doesn't even accept ur::Origin.
Thanks, Nasko! > Also, can you file a bug for providing IsSecure() method on url::Origin itself? Filed crbug.com/686891
Description was changed from ========== Use an OOPIF-compatible call chain when finding the top-level frame The ShowSuggestions autofill method must walk up the DOM hierarchy to determine the security origin of the top-level markup. Because the form may live in a different process than the top-level markup (due to out-of-process iframes), we must use a method call chain that works correctly across processes. BUG=685982 ========== to ========== Kolos@ suggested engedy was more familiar with Password Manager+OOPIF. Engedy@ can you please take a look? --- Use an OOPIF-compatible call chain when finding the top-level frame The ShowSuggestions autofill method must walk up the DOM hierarchy to determine the security origin of the top-level markup. Because the form may live in a different process than the top-level markup (due to out-of-process iframes), we must use a method call chain that works correctly across processes. BUG=685982 ==========
elawrence@chromium.org changed reviewers: + engedy@chromium.org - kolos@chromium.org, mathp@chromium.org
Thanks for filing the bug, and +1 on cleaning this up in the long-term. But LGTM as a short-term fix.
The CQ bit was checked by elawrence@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
Message was sent while issue was closed.
This change landed with a TBR via a different CL: https://codereview.chromium.org/2665993004/ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
