Issue 921683002: make window interceptors DoNoCheckSecurity

Issue 921683002: make window interceptors DoNoCheckSecurity (Closed)

Created:
5 years, 10 months ago by jochen (gone - plz use gerrit)

Modified:
5 years, 10 months ago

Reviewers:
haraken, Jens Widell, dcarney

CC:
arv+blink, blink-reviews, blink-reviews-bindings_chromium.org, Inactive

Base URL:
svn://svn.chromium.org/blink/trunk

Target Ref:
refs/heads/master

Project:
blink

Visibility:
Public.

More Reviews

Description

make window interceptors DoNoCheckSecurity This marks them as "all can read". The actually security check is then done in the custom bindings code for windows. R=haraken@chromium.org, jl@opera.com BUG=404300 Patch by Dan Carney <dcarney@chromium.org>; Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=190054

Patch Set 4 : updates #

Created: 5 years, 10 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+157 lines, -86 lines)			Patch
M	LayoutTests/http/tests/security/document-all-expected.txt	View		1 chunk	+2 lines, -1 line	0 comments	Download
A	LayoutTests/http/tests/security/resources/doc-with-iframe.html	View		1 chunk	+5 lines, -0 lines	0 comments	Download
M	LayoutTests/http/tests/security/window-named-proto-expected.txt	View		1 chunk	+1 line, -2 lines	0 comments	Download
M	LayoutTests/http/tests/security/xss-DENIED-window-index-assign-expected.txt	View		1 chunk	+1 line, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/xss-DENIED-window-name-navigator.html	View		1 chunk	+19 lines, -1 line	0 comments	Download
M	LayoutTests/http/tests/security/xss-DENIED-window-name-navigator-expected.txt	View		1 chunk	+6 lines, -2 lines	0 comments	Download
A	LayoutTests/http/tests/security/xss-getownproperty.html	View		1 chunk	+35 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xss-getownproperty-expected.txt	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	Source/bindings/core/v8/custom/V8WindowCustom.cpp	View	1	2 chunks	+20 lines, -62 lines	0 comments	Download
M	Source/bindings/scripts/v8_interface.py	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	Source/bindings/templates/interface_base.cpp	View		2 chunks	+14 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/idls/core/TestInterface.idl	View	1 2 3	1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterface.cpp	View	1 2 3	1 chunk	+10 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterface2.cpp	View	3	1 chunk	+8 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestInterface3.cpp	View		1 chunk	+8 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/results/core/V8TestSpecialOperations.cpp	View		1 chunk	+4 lines, -1 line	0 comments	Download
M	Source/bindings/tests/results/core/V8TestSpecialOperationsNotEnumerable.cpp	View		1 chunk	+8 lines, -2 lines	0 comments	Download
M	Source/bindings/tests/results/modules/V8TestInterface5.cpp	View		1 chunk	+8 lines, -2 lines	0 comments	Download
M	Source/core/frame/Window.idl	View		1 chunk	+2 lines, -2 lines	0 comments	Download

Messages

Total messages: 23 (6 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

haraken

LGTM Jens might want to take another look though. https://codereview.chromium.org/921683002/diff/1/Source/bindings/core/v8/custom/V8WindowCustom.cpp File Source/bindings/core/v8/custom/V8WindowCustom.cpp (left): https://codereview.chromium.org/921683002/diff/1/Source/bindings/core/v8/custom/V8WindowCustom.cpp#oldcode389 Source/bindings/core/v8/custom/V8WindowCustom.cpp:389: ...

5 years, 10 months ago (2015-02-12 09:45:58 UTC) #1

jochen (gone - plz use gerrit)

https://codereview.chromium.org/921683002/diff/1/Source/bindings/core/v8/custom/V8WindowCustom.cpp File Source/bindings/core/v8/custom/V8WindowCustom.cpp (left): https://codereview.chromium.org/921683002/diff/1/Source/bindings/core/v8/custom/V8WindowCustom.cpp#oldcode389 Source/bindings/core/v8/custom/V8WindowCustom.cpp:389: if (key->IsString()) { On 2015/02/12 at 09:45:58, haraken wrote: ...

5 years, 10 months ago (2015-02-12 09:52:17 UTC) #3

Jens Widell

The previous patch added [AllCanread] to the getters defined in TestInterface2.idl. Any reason you didn't ...

5 years, 10 months ago (2015-02-12 09:57:13 UTC) #4

Jens Widell

On 2015/02/12 10:01:16, jochen (slow) wrote: > added them back. ptal Thanks. LGTM.

5 years, 10 months ago (2015-02-12 10:10:05 UTC) #6

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/921683002/40001

5 years, 10 months ago (2015-02-12 10:12:04 UTC) #10

dcarney

On 2015/02/12 10:12:04, I haz the power (commit-bot) wrote: > CQ is trying da patch. ...

5 years, 10 months ago (2015-02-12 12:00:49 UTC) #11

jochen (gone - plz use gerrit)

On 2015/02/12 at 12:00:49, dcarney wrote: > On 2015/02/12 10:12:04, I haz the power (commit-bot) ...

5 years, 10 months ago (2015-02-12 12:02:39 UTC) #13

Jens Widell

On 2015/02/12 12:00:49, dcarney wrote: > On 2015/02/12 10:12:04, I haz the power (commit-bot) wrote: ...

5 years, 10 months ago (2015-02-12 12:03:58 UTC) #14

jochen (gone - plz use gerrit)

Dan, what's your take on this? Land as is?

5 years, 10 months ago (2015-02-12 12:19:49 UTC) #15

dcarney

On 2015/02/12 12:19:49, jochen (slow) wrote: > Dan, what's your take on this? Land as ...

5 years, 10 months ago (2015-02-12 13:03:04 UTC) #16

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/921683002/60001

5 years, 10 months ago (2015-02-12 14:02:53 UTC) #22

commit-bot: I haz the power

5 years, 10 months ago (2015-02-12 14:56:38 UTC) #23

Message was sent while issue was closed.

Committed patchset #4 (id:60001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=190054

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages