RESOLVED FIXED 104039
Web Inspector: Keep LiveEdit API disabled when idle
https://bugs.webkit.org/show_bug.cgi?id=104039
Peter Rybin
Reported 2012-12-04 13:59:57 PST
LiveEdit is a sophisticated routine in V8, and potentially it may have some vulnerabilities. Enable C-level blocks in V8 core that won't allow LiveEdit code unless a LiveEdit command is actually called. Related Chromium bug: https://code.google.com/p/chromium/issues/detail?id=159124
Attachments
Patch (2.82 KB, patch)
2012-12-09 16:03 PST, Peter Rybin
no flags
Peter Rybin
Comment 1 2012-12-09 16:03:39 PST
Yury Semikhatsky
Comment 2 2012-12-10 03:45:09 PST
Comment on attachment 178444 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=178444&action=review
> Source/WebCore/bindings/v8/ScriptDebugServer.cpp:318
> + EnableLiveEditScope() { v8::Debug::SetLiveEditEnabled(true); }
Can it happen that LiveEdit is already on and will be turned off when the scope is destroyed?
Peter Rybin
Comment 3 2012-12-10 05:15:18 PST
(In reply to comment #2)
> (From update of attachment 178444)
> View in context: https://bugs.webkit.org/attachment.cgi?id=178444&action=review
>
> > Source/WebCore/bindings/v8/ScriptDebugServer.cpp:318
> > + EnableLiveEditScope() { v8::Debug::SetLiveEditEnabled(true); }
>
> Can it happen that LiveEdit is already on and will be turned off when the scope is destroyed?
That's possible, but it shouldn't be considered a problem, I think. The V8 API is not fully accurate here, because it should also provide a getter. However, I think we currently assume only one mode: LiveEdit is disabled all the time except when needed.
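Review bot: on line 318 the constructor calls v8::Debug::SetLiveEditEnabled(true) without recording the previous state, so if the matching destructor switches the flag off, a nested or already-enabled use would be disabled as soon as the inner scope ends. Since the API has no getter, consider tracking nesting depth in ScriptDebugServer, or add a comment stating that LiveEdit is assumed to be off outside this scope.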
WebKit Review Bot
Comment 4 2012-12-24 08:00:56 PST
Comment on attachment 178444 Patch
Clearing flags on attachment: 178444
Committed r138442: <http://trac.webkit.org/changeset/138442>
WebKit Review Bot
Comment 5 2012-12-24 08:01:00 PST
All reviewed patches have been landed. Closing bug.