Issue 15346002: Named access checks on DOMWindow miss navigator

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 15346002: Named access checks on DOMWindow miss navigator (Closed)

Created:
7 years, 7 months ago by abarth-chromium

Modified:
7 years, 7 months ago

Reviewers:
Nate Chapin

CC:
blink-reviews, jsbell+bindings_chromium.org, eae+blinkwatch, abarth-chromium, adamk+blink_chromium.org, haraken, Nate Chapin, japhet-do-not-use

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Named access checks on DOMWindow miss navigator The design of the named access check is very fragile. Instead of doing the access check at the same time as the access, we need to check access in a separate operation using different parameters. Worse, we need to implement a part of the access check as a blacklist of dangerous properties. This CL expands the blacklist slightly by adding in the real named properties from the DOMWindow instance to the current list (which included the real named properties of the shadow object). In the longer term, we should investigate whether we can change the V8 API to let us do the access check in the same callback as the property access itself. BUG=237022 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=150616

Patch Set 1 #

Created: 7 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+24 lines, -2 lines)			Patch
A	LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html	View	1 chunk	+9 lines, -0 lines	0 comments	Download
A +	LayoutTests/http/tests/security/xss-DENIED-window-name-alert-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A	LayoutTests/http/tests/security/xss-DENIED-window-name-navigator.html	View	1 chunk	+9 lines, -0 lines	0 comments	Download
A +	LayoutTests/http/tests/security/xss-DENIED-window-name-navigator-expected.txt	View	1 chunk	+1 line, -2 lines	0 comments	Download
M	Source/bindings/v8/custom/V8DOMWindowCustom.cpp	View	1 chunk	+6 lines, -1 line	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

abarth-chromium

japhet, would you be willing to take a look at this CL?

7 years, 7 months ago (2013-05-17 22:07:44 UTC) #2

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/abarth@chromium.org/15346002/1

7 years, 7 months ago (2013-05-17 23:18:48 UTC) #4

Message was sent while issue was closed.

Change committed as 150616

Expand Messages | Collapse Messages