Bug 66002

Summary: Web Inspector: do not evaluate watch expressions on load.
Product: WebKit Reporter: Pavel Feldman <pfeldman>
Component: Web Inspector (Deprecated)Assignee: Pavel Feldman <pfeldman>
Status: RESOLVED FIXED    
Severity: Normal CC: apavlov, bweinstein, joepeck, keishi, loislo, pfeldman, pmuellr, rik, timothy, webkit.review.bot, yurys
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch none

Description Pavel Feldman 2011-08-10 12:09:30 PDT 
Only do that upon scripts panel "show", stepping and reloads.
Comment 1 Pavel Feldman 2011-08-10 12:27:21 PDT 
Created attachment 103516 [details]
Patch
Comment 2 Yury Semikhatsky 2011-08-10 23:20:54 PDT 
Comment on attachment 103516 [details]
Patch

Is there a chance we have it tested?
Comment 3 Pavel Feldman 2011-08-10 23:25:36 PDT 
Comment on attachment 103516 [details]
Patch

By the time we get control on the front-end, malicious watch update is already performed, not sure how to test this very case :(
Comment 4 Yury Semikhatsky 2011-08-10 23:44:16 PDT 
(In reply to comment #3)
> (From update of attachment 103516 [details])
> By the time we get control on the front-end, malicious watch update is already performed, not sure how to test this very case :(

Well, the watch expression can have a side effect on the inspected page, say increment a counter in it and we can check that after frontend opening it has not been incremented yet. We would need to issue a request on the very early stage of the frontend loading though.
Comment 5 WebKit Review Bot 2011-08-11 00:56:29 PDT 
Comment on attachment 103516 [details]
Patch

Clearing flags on attachment: 103516

Committed r92827: <http://trac.webkit.org/changeset/92827>
Comment 6 WebKit Review Bot 2011-08-11 00:56:34 PDT 
All reviewed patches have been landed.  Closing bug.