RESOLVED FIXED 179281
Release-assert NoEventDispatchAssertion in canExecute, updateLayout, and updateStyle 
https://bugs.webkit.org/show_bug.cgi?id=179281
Summary Release-assert NoEventDispatchAssertion in canExecute, updateLayout, and upda...
Ryosuke Niwa
Reported 2017-11-03 21:24:54 PDT
We should release NoEventDispatchAssertion::InMainThread::isEventAllowed() ScriptController::canExecute, Document::updateLayout, and Document::updateStyle. This would prevent the vast majority of unwanted script executions that directly leads to security bugs in WebCore.
Attachments
Enables the assertion (8.83 KB, patch)
2017-11-03 22:41 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2017-11-03 21:35:43 PDT
<rdar://problem/35008993>
Ryosuke Niwa
Comment 2 2017-11-03 22:41:36 PDT
Created attachment 326020 [details] Enables the assertion
Build Bot
Comment 3 2017-11-03 22:44:02 PDT
Attachment 326020 [details] did not pass style-queue: ERROR: Source/WebCore/ChangeLog:12: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug, vulnerab [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 6 files If any of these errors are false positives, please file a bug against check-webkit-style.
Antti Koivisto
Comment 4 2017-11-04 01:55:11 PDT
Comment on attachment 326020 [details] Enables the assertion r=me
WebKit Commit Bot
Comment 5 2017-11-07 09:41:09 PST
Comment on attachment 326020 [details] Enables the assertion Clearing flags on attachment: 326020 Committed r224534: <https://trac.webkit.org/changeset/224534>
WebKit Commit Bot
Comment 6 2017-11-07 09:41:11 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.