Bug 42817

Summary:

Web Inspector: don't grant universal access to inspector front-end page

Product:

WebKit

Reporter:

Andrey Kosyakov <caseq>

Component:

Web Inspector (Deprecated)

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bweinstein, commit-queue, joepeck, keishi, pfeldman, pmuellr, rik, timothy, yurys

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
patch	none

Description Andrey Kosyakov 2010-07-22 04:47:34 PDT

We used to call SecurityOrigin::grantUniversalAccess() for inspector front-end page. This does not seem to be necessary anymore, so I suggest to remove it for slightly tighter security control.

Comment 1 Andrey Kosyakov 2010-07-22 04:50:54 PDT

Created attachment 62286 [details]
patch

Comment 2 Yury Semikhatsky 2010-07-22 05:39:07 PDT

Comment on attachment 62286 [details]
patch

WebKit/chromium/src/WebDevToolsFrontendImpl.cpp: 
 +      SecurityOrigin* origin = m_webViewImpl->page()->mainFrame()->domWindow()->securityOrigin();
IIRC we needed this to be able to set iframe content.  It shouldn't be necessary with new SourceFrame implementation.

Comment 3 WebKit Commit Bot 2010-07-22 09:39:49 PDT

Comment on attachment 62286 [details]
patch

Clearing flags on attachment: 62286

Committed r63896: <http://trac.webkit.org/changeset/63896>

Comment 4 WebKit Commit Bot 2010-07-22 09:39:54 PDT

All reviewed patches have been landed.  Closing bug.