RESOLVED FIXED 195300
Move RenderObject::isTransparentOrFullyClippedRespectingParentFrames() to RenderLayer
https://bugs.webkit.org/show_bug.cgi?id=195300
Wenson Hsieh
Reported 2019-03-04 16:36:39 PST
Code cleanup, SSIA.
Attachments
Patch (11.19 KB, patch)
2019-03-06 10:52 PST, Wenson Hsieh
no flags
Typo fix (11.17 KB, patch)
2019-03-06 10:54 PST, Wenson Hsieh
simon.fraser: review+
Patch for landing (11.17 KB, patch)
2019-03-06 11:40 PST, Wenson Hsieh
no flags
Wenson Hsieh
Comment 1 2019-03-06 10:52:42 PST Comment hidden (obsolete)
Wenson Hsieh
Comment 2 2019-03-06 10:54:15 PST
Created attachment 363759 [details] Typo fix
Simon Fraser (smfr)
Comment 3 2019-03-06 10:57:49 PST
Comment on attachment 363759 [details] Typo fix
View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

> Source/WebCore/ChangeLog:8
> +    Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function

Backticks :\

> Source/WebCore/rendering/RenderLayer.cpp:6602
> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const

It strikes me that this potentially allows an iframe to learn things about its enclosing frames, which is bad from a security perspective.
Wenson Hsieh
Comment 4 2019-03-06 11:23:51 PST
Comment on attachment 363759 [details] Typo fix
View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

>> Source/WebCore/ChangeLog:8
>> +    Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function
>
> Backticks :\

Backtick'd text like this will show up as a code block in trac.webkit.org (I use it sometimes when referencing function names in ChangeLogs for this reason). But I'll remove it here anyways.

>> Source/WebCore/rendering/RenderLayer.cpp:6602
>> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const
>
> It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.

An interesting point! That being said, it seems like (1) RenderLayer already knows how to walk out of its current frame in a few other places (e.g. scrollRectToVisible), and (2) the result of isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it only affects the behavior of platform-specific chrome that's opaque to the web page).
Wenson Hsieh
Comment 5 2019-03-06 11:40:24 PST
Created attachment 363766 [details] Patch for landing
WebKit Commit Bot
Comment 6 2019-03-06 12:18:06 PST
Comment on attachment 363766 [details] Patch for landing

Clearing flags on attachment: 363766

Committed r242561: <https://trac.webkit.org/changeset/242561>
Simon Fraser (smfr)
Comment 7 2019-03-06 13:08:28 PST
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 363759 [details]
> An interesting point! That being said, it seems like (1) RenderLayer already
> knows how to walk out of its current frame in a few other places (e.g.
> scrollRectToVisible)

There's a bug about that somewhere.

> and (2) the result of
> isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it
> only affects the behavior of platform-specific chrome that's opaque to the
> web page).

Good.
Radar WebKit Bug Importer
Comment 8 2019-03-06 13:24:26 PST