Bug 179107

Summary: Assert that NoEventDispatchAssertion is not in the stack when executing a script
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: UI EventsAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, fpizlo, ggaren, koivisto, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Adds assertion simon.fraser: review+

Ryosuke Niwa
Reported 2017-11-01 00:36:21 PDT
We should assert that we're not trying to execute script when NoEventDispatchAssertion is in the stack.
Attachments
Adds assertion (4.59 KB, patch)
2017-11-01 00:42 PDT, Ryosuke Niwa 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2017-11-01 00:42:12 PDT
Created attachment 325554 [details] Adds assertion
Ryosuke Niwa
Comment 2 2017-11-01 00:42:47 PDT
Once this patch is landed, we can make NoEventDispatchAssertion cheap enough for the main thread to release-assert.
Radar WebKit Bug Importer
Comment 3 2017-11-01 00:43:25 PDT
<rdar://problem/35288788>
Build Bot
Comment 4 2017-11-01 00:45:33 PDT
Attachment 325554 [details] did not pass style-queue: ERROR: Source/WebCore/bindings/js/ScriptController.cpp:681: Please replace ASSERT_WITH_SECURITY_IMPLICATION() with RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(). [security/assertion] [5] Total errors found: 1 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style.
Simon Fraser (smfr)
Comment 5 2017-11-01 10:52:40 PDT
Comment on attachment 325554 [details] Adds assertion View in context: https://bugs.webkit.org/attachment.cgi?id=325554&action=review > Source/WebCore/bindings/js/ScriptController.cpp:681 > + ASSERT_WITH_SECURITY_IMPLICATION(NoEventDispatchAssertion::isEventAllowedInMainThread()); Please add a blank line after this.
Ryosuke Niwa
Comment 6 2017-11-01 13:30:23 PDT
(In reply to Simon Fraser (smfr) from comment #5) > Comment on attachment 325554 [details] > Adds assertion > > View in context: > https://bugs.webkit.org/attachment.cgi?id=325554&action=review > > > Source/WebCore/bindings/js/ScriptController.cpp:681 > > + ASSERT_WITH_SECURITY_IMPLICATION(NoEventDispatchAssertion::isEventAllowedInMainThread()); > > Please add a blank line after this. Done that.
Ryosuke Niwa
Comment 7 2017-11-01 13:36:50 PDT
Talked with Keith (Miller) and Saam to confirm that creating event listener wouldn't run arbitrary scripts to be sure.
Ryosuke Niwa
Comment 8 2017-11-01 13:39:00 PDT
Committed r224290: <https://trac.webkit.org/changeset/224290>
Note You need to log in before you can comment on or make changes to this bug.