RESOLVED FIXED 179107
Assert that NoEventDispatchAssertion is not in the stack when executing a script
https://bugs.webkit.org/show_bug.cgi?id=179107
Summary Assert that NoEventDispatchAssertion is not in the stack when executing a script
Ryosuke Niwa
Reported 2017-11-01 00:36:21 PDT
We should assert that we're not trying to execute script when NoEventDispatchAssertion is in the stack.
Attachments
Adds assertion (4.59 KB, patch)
2017-11-01 00:42 PDT, Ryosuke Niwa
simon.fraser: review+
Ryosuke Niwa
Comment 1 2017-11-01 00:42:12 PDT
Created attachment 325554 [details] Adds assertion
Ryosuke Niwa
Comment 2 2017-11-01 00:42:47 PDT
Once this patch is landed, we can make NoEventDispatchAssertion cheap enough for the main thread to release-assert.
Radar WebKit Bug Importer
Comment 3 2017-11-01 00:43:25 PDT
Build Bot
Comment 4 2017-11-01 00:45:33 PDT
Attachment 325554 [details] did not pass style-queue: ERROR: Source/WebCore/bindings/js/ScriptController.cpp:681: Please replace ASSERT_WITH_SECURITY_IMPLICATION() with RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(). [security/assertion] [5] Total errors found: 1 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style.
Simon Fraser (smfr)
Comment 5 2017-11-01 10:52:40 PDT
Comment on attachment 325554 [details] Adds assertion View in context: https://bugs.webkit.org/attachment.cgi?id=325554&action=review > Source/WebCore/bindings/js/ScriptController.cpp:681 > + ASSERT_WITH_SECURITY_IMPLICATION(NoEventDispatchAssertion::isEventAllowedInMainThread()); Please add a blank line after this.
Ryosuke Niwa
Comment 6 2017-11-01 13:30:23 PDT
(In reply to Simon Fraser (smfr) from comment #5) > Comment on attachment 325554 [details] > Adds assertion > > View in context: > https://bugs.webkit.org/attachment.cgi?id=325554&action=review > > > Source/WebCore/bindings/js/ScriptController.cpp:681 > > + ASSERT_WITH_SECURITY_IMPLICATION(NoEventDispatchAssertion::isEventAllowedInMainThread()); > > Please add a blank line after this. Done that.
Ryosuke Niwa
Comment 7 2017-11-01 13:36:50 PDT
Talked with Keith (Miller) and Saam to confirm that creating event listener wouldn't run arbitrary scripts to be sure.
Ryosuke Niwa
Comment 8 2017-11-01 13:39:00 PDT
Note You need to log in before you can comment on or make changes to this bug.