Issue 21071003: Trigger `window.onerror` only for exceptions thrown in the same world.

Issue 21071003: Trigger `window.onerror` only for exceptions thrown in the same world. (Closed)

Created:
7 years, 4 months ago by Mike West

Modified:
7 years, 3 months ago

Reviewers:
adamk

CC:
blink-reviews, Nils Barth (inactive), kojih, jsbell+bindings_chromium.org, eae+blinkwatch, abarth-chromium, marja+watch_chromium.org, dglazkov+blink, adamk+blink_chromium.org, haraken, Nate Chapin, do-not-use

Base URL:
svn://svn.chromium.org/blink/trunk

Visibility:
Public.

More Reviews

Description

Trigger `window.onerror` only for exceptions thrown in the same world. This patch addresses half of crbug.com/225513 by grabbing the currently active DOMWrapperWorld when creating ErrorEvent objects, and checking that we're still in the same world when triggering `window.onerror` handlers. The next step will be to adjust event dispatching to ensure that 'error' event listeners only trigger in the same world as the exception. I'll address that in a separate patch; this patch adds several FAILing test results to make that gap clear. BUG=225513 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=157376

Patch Set 1 #

Patch Set 2 : Rebase. #

Patch Set 3 : rebaseline #

Total comments: 7

Patch Set 4 : feedback #

Created: 7 years, 3 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+67 lines, -55 lines)			Patch
M	LayoutTests/fast/events/window-onerror-isolatedworld-01.html	View	1	1 chunk	+24 lines, -5 lines	0 comments	Download
M	LayoutTests/fast/events/window-onerror-isolatedworld-01-expected.txt	View	1 2	7 chunks	+18 lines, -33 lines	0 comments	Download
M	LayoutTests/fast/events/window-onerror-isolatedworld-02-expected.txt	View	1 2	1 chunk	+0 lines, -4 lines	0 comments	Download
M	Source/bindings/v8/V8ErrorHandler.cpp	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	Source/bindings/v8/V8Initializer.cpp	View	1	2 chunks	+2 lines, -2 lines	0 comments	Download
M	Source/bindings/v8/WorkerScriptController.cpp	View	1 2 3	1 chunk	+2 lines, -2 lines	0 comments	Download
M	Source/core/dom/ErrorEvent.h	View	1 2 3	4 chunks	+11 lines, -5 lines	0 comments	Download
M	Source/core/dom/ErrorEvent.cpp	View	1 2 3	1 chunk	+3 lines, -1 line	0 comments	Download
M	Source/core/dom/ScriptExecutionContext.cpp	View	1 2 3	1 chunk	+1 line, -1 line	0 comments	Download
M	Source/core/workers/WorkerMessagingProxy.cpp	View	1	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 7 (0 generated)

Expand Messages | Collapse Messages

Mike West

Hi Adam, would you mind taking a look at this patch? It addresses only `window.onerror`. ...

7 years, 3 months ago (2013-09-05 09:11:33 UTC) #2

adamk

https://codereview.chromium.org/21071003/diff/7001/Source/bindings/v8/WorkerScriptController.cpp File Source/bindings/v8/WorkerScriptController.cpp (right): https://codereview.chromium.org/21071003/diff/7001/Source/bindings/v8/WorkerScriptController.cpp#newcode192 Source/bindings/v8/WorkerScriptController.cpp:192: ErrorEvent::createSanitizedError() : ErrorEvent::create(state.errorMessage, state.sourceURL, state.lineNumber, state.columnNumber, 0); The magic-ness ...

7 years, 3 months ago (2013-09-05 19:24:19 UTC) #3

Mike West

Thanks for taking a look, Adam. Would you mind taking another pass? -mike https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent.cpp File ...

7 years, 3 months ago (2013-09-06 11:57:03 UTC) #4

Thanks for taking a look, Adam. Would you mind taking another pass?

-mike

https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent...
File Source/core/dom/ErrorEvent.cpp (right):

https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent...
Source/core/dom/ErrorEvent.cpp:57: , m_world(0)
On 2013/09/05 19:24:20, adamk wrote:
> Why 0?

Laziness. I've changed this to pull in the current DOMWrapperWorld. I'd prefer
for that to be done in the generated bindings code, but I don't think it's worth
adding a custom constructor to V8ErrorEvent to make that happen. Pulling
'DOMWrapperWorld::current()' here is the lesser of those two evils.

https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent.h
File Source/core/dom/ErrorEvent.h (right):

https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent...
Source/core/dom/ErrorEvent.h:64: static PassRefPtr<ErrorEvent>
createSanitizedError()
On 2013/09/05 19:24:20, adamk wrote:
> What is this used for? Why is passing 0 for world always correct?

This is used for cross-origin onerror messages: they are sanitized to prevent
information leakage about the state of cross-origin script.

I don't think there's any case where we'd sanitize an extension's script, since
it's injected into the page directly. That said, you're probably right to say
that we should covering the edge-case explicitly by adding a world parameter.
I'll do that.

https://codereview.chromium.org/21071003/diff/7001/Source/core/dom/ErrorEvent...
Source/core/dom/ErrorEvent.h:96: DOMWrapperWorld* m_world;
On 2013/09/05 19:24:20, adamk wrote:
> Seems a little bit scary to skip a RefPtr here. As you're currently using it,
> only the object identity is important, but is there any downside to holding a
> Ref?

No good reason, as long as there aren't any side-effects I can't think of to
holding a reference. I'll change the implementation.

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/21071003/14001

7 years, 3 months ago (2013-09-06 16:16:58 UTC) #6

Message was sent while issue was closed.

Change committed as 157376

Expand Messages | Collapse Messages