Summary: | Log a warning to the dev console when gamepads are accessed from an insecure context | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Brady Eidson <beidson> | ||||||
Component: | WebCore Misc. | Assignee: | Brady Eidson <beidson> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | aakash_jain, darin, ews-watchlist, mkwst, thorton, webkit-bot-watchers-bugzilla, webkit-bug-importer | ||||||
Priority: | P2 | Keywords: | InRadar | ||||||
Version: | WebKit Nightly Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=215099 | ||||||||
Attachments: |
|
Description
Brady Eidson
2020-07-30 16:14:55 PDT
Created attachment 405735 [details]
Patch
Comment on attachment 405735 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=405735&action=review > Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp:80 > + RELEASE_ASSERT(domWindow); > + auto* document = domWindow->document(); > + RELEASE_ASSERT(document); These seem ... aggressive? Why not just bail? (In reply to Tim Horton from comment #2) > Comment on attachment 405735 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=405735&action=review > > > Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp:80 > > + RELEASE_ASSERT(domWindow); > > + auto* document = domWindow->document(); > > + RELEASE_ASSERT(document); > > These seem ... aggressive? Why not just bail? Yah, because the signature to return an actual array is a bummer. I'll deal with it now sub optimally. Created attachment 405736 [details]
Patch
Committed r265160: <https://trac.webkit.org/changeset/265160> All reviewed patches have been landed. Closing bug and clearing flags on attachment 405736 [details]. Comment on attachment 405736 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=405736&action=review > Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp:86 > + static std::once_flag onceFlag; > + std::call_once(onceFlag, [document] { I noticed that lots of people use the thread-safe std::call_once in code that otherwise is not thread safe. I often ask them to use a boolean instead. Am I the baddie? (In reply to EWS from comment #5) > Committed r265160: <https://trac.webkit.org/changeset/265160> This introduced a broken test for windows: http/tests/misc/gamepads-insecure.html EWS also warned about this failure, tracked in Bug 215099. |