Bug 195300

Summary: Move RenderObject::isTransparentOrFullyClippedRespectingParentFrames() to RenderLayer
Product: WebKit
Reporter: Wenson Hsieh <wenson_hsieh>
Component: WebCore Misc.
Assignee: Wenson Hsieh <wenson_hsieh>
Status: RESOLVED FIXED
Severity: Normal
CC: bdakin, commit-queue, simon.fraser, thorton, webkit-bug-importer, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description                 Flags
Patch                       none
Typo fix                    simon.fraser: review+
Patch for landing           none

Wenson Hsieh
Reported 2019-03-04 16:36:39 PST
Code cleanup, SSIA.
Attachments
Patch (11.19 KB, patch)
2019-03-06 10:52 PST, Wenson Hsieh
no flags
Typo fix (11.17 KB, patch)
2019-03-06 10:54 PST, Wenson Hsieh
simon.fraser: review+
Patch for landing (11.17 KB, patch)
2019-03-06 11:40 PST, Wenson Hsieh
no flags
Wenson Hsieh
Comment 1 2019-03-06 10:52:42 PST Comment hidden (obsolete)
Wenson Hsieh
Comment 2 2019-03-06 10:54:15 PST
Created attachment 363759 [details] Typo fix
Simon Fraser (smfr)
Comment 3 2019-03-06 10:57:49 PST
Comment on attachment 363759 [details] Typo fix
View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

> Source/WebCore/ChangeLog:8
> + Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function

Backticks :\

> Source/WebCore/rendering/RenderLayer.cpp:6602
> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const

It strikes me that this potentially allows an iframe to learn things about its enclosing frames, which is bad from a security perspective.
Wenson Hsieh
Comment 4 2019-03-06 11:23:51 PST
Comment on attachment 363759 [details] Typo fix
View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

>> Source/WebCore/ChangeLog:8
>> + Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function
>
> Backticks :\

Backtick'd text like this will show up as a code block in trac.webkit.org (I use it sometimes when referencing function names in ChangeLogs for this reason). But I'll remove it here anyways.

>> Source/WebCore/rendering/RenderLayer.cpp:6602
>> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const
>
> It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.

An interesting point! That being said, it seems like (1) RenderLayer already knows how to walk out of its current frame in a few other places (e.g. scrollRectToVisible), and (2) the result of isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it only affects the behavior of platform-specific chrome that's opaque to the web page).
Wenson Hsieh
Comment 5 2019-03-06 11:40:24 PST
Created attachment 363766 [details] Patch for landing
WebKit Commit Bot
Comment 6 2019-03-06 12:18:06 PST
Comment on attachment 363766 [details] Patch for landing
Clearing flags on attachment: 363766
Committed r242561: <https://trac.webkit.org/changeset/242561>
Simon Fraser (smfr)
Comment 7 2019-03-06 13:08:28 PST
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 363759 [details]
> An interesting point! That being said, it seems like (1) RenderLayer already
> knows how to walk out of its current frame in a few other places (e.g.
> scrollRectToVisible)

There's a bug about that somewhere.

> and (2) the result of
> isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it
> only affects the behavior of platform-specific chrome that's opaque to the
> web page).

good.
Radar WebKit Bug Importer
Comment 8 2019-03-06 13:24:26 PST