Bug 195300

Summary: Move RenderObject::isTransparentOrFullyClippedRespectingParentFrames() to RenderLayer
Product: WebKit Reporter: Wenson Hsieh <wenson_hsieh>
Component: WebCore Misc.Assignee: Wenson Hsieh <wenson_hsieh>
Status: RESOLVED FIXED    
Severity: Normal CC: bdakin, commit-queue, simon.fraser, thorton, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Typo fix
simon.fraser: review+
Patch for landing none

Description Wenson Hsieh 2019-03-04 16:36:39 PST 
Code cleanup, SSIA.
Comment 1 Wenson Hsieh 2019-03-06 10:52:42 PST Comment hidden (obsolete)
Comment 2 Wenson Hsieh 2019-03-06 10:54:15 PST 
Created attachment 363759 [details]
Typo fix
Comment 3 Simon Fraser (smfr) 2019-03-06 10:57:49 PST 
Comment on attachment 363759 [details]
Typo fix

View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

> Source/WebCore/ChangeLog:8
> +        Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function

Backticks :\

> Source/WebCore/rendering/RenderLayer.cpp:6602
> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const

It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.
Comment 4 Wenson Hsieh 2019-03-06 11:23:51 PST 
Comment on attachment 363759 [details]
Typo fix

View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

>> Source/WebCore/ChangeLog:8
>> +        Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function
> 
> Backticks :\

Backtick'd text like this will show up as a code block in trac.webkit.org (I use it sometimes when referencing function names in ChangeLogs for this reason). But I'll remove it here anyways.

>> Source/WebCore/rendering/RenderLayer.cpp:6602
>> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const
> 
> It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.

An interesting point! That being said, it seems like (1) RenderLayer already knows how to walk out of its current frame in a few other places (e.g. scrollRectToVisible), and (2) the result of isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it only affects the behavior of platform-specific chrome that's opaque to the web page).
Comment 5 Wenson Hsieh 2019-03-06 11:40:24 PST 
Created attachment 363766 [details]
Patch for landing
Comment 6 WebKit Commit Bot 2019-03-06 12:18:06 PST 
Comment on attachment 363766 [details]
Patch for landing

Clearing flags on attachment: 363766

Committed r242561: <https://trac.webkit.org/changeset/242561>
Comment 7 Simon Fraser (smfr) 2019-03-06 13:08:28 PST 
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 363759 [details]

> An interesting point! That being said, it seems like (1) RenderLayer already
> knows how to walk out of its current frame in a few other places (e.g.
> scrollRectToVisible)

There's a bug about that somewhere.

> and (2) the result of
> isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it
> only affects the behavior of platform-specific chrome that's opaque to the
> web page).

good.
Comment 8 Radar WebKit Bug Importer 2019-03-06 13:24:26 PST 
<rdar://problem/48649818>