Bug 195300 - Move RenderObject::isTransparentOrFullyClippedRespectingParentFrames() to RenderLayer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified
Importance: P2 Normal
Assignee: Wenson Hsieh
Keywords: InRadar
Reported: 2019-03-04 16:36 PST by Wenson Hsieh
Modified: 2019-03-06 13:24 PST

Attachments
Patch (11.19 KB, patch), 2019-03-06 10:52 PST, Wenson Hsieh, no flags
Typo fix (11.17 KB, patch), 2019-03-06 10:54 PST, Wenson Hsieh, simon.fraser: review+
Patch for landing (11.17 KB, patch), 2019-03-06 11:40 PST, Wenson Hsieh, no flags

Description Wenson Hsieh 2019-03-04 16:36:39 PST
Code cleanup, SSIA.
Comment 1 Wenson Hsieh 2019-03-06 10:52:42 PST Comment hidden (obsolete)
Comment 2 Wenson Hsieh 2019-03-06 10:54:15 PST
Created attachment 363759 [details]
Typo fix
Comment 3 Simon Fraser (smfr) 2019-03-06 10:57:49 PST
Comment on attachment 363759 [details]
Typo fix

View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

> Source/WebCore/ChangeLog:8
> +        Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function

Backticks :\

> Source/WebCore/rendering/RenderLayer.cpp:6602
> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const

It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.
Comment 4 Wenson Hsieh 2019-03-06 11:23:51 PST
Comment on attachment 363759 [details]
Typo fix

View in context: https://bugs.webkit.org/attachment.cgi?id=363759&action=review

>> Source/WebCore/ChangeLog:8
>> +        Move `isTransparentOrFullyClippedRespectingParentFrames()` from RenderObject to RenderLayer, since this function
> 
> Backticks :\

Backtick'd text like this will show up as a code block in trac.webkit.org (I use it sometimes when referencing function names in ChangeLogs for this reason). But I'll remove it here anyways.

>> Source/WebCore/rendering/RenderLayer.cpp:6602
>> +bool RenderLayer::isTransparentOrFullyClippedRespectingParentFrames() const
> 
> It strikes me that this potentially allows an iframe to learn things about its enclosing frames which is bad from a security perspective.

An interesting point! That being said, it seems like (1) RenderLayer already knows how to walk out of its current frame in a few other places (e.g. scrollRectToVisible), and (2) the result of isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it only affects the behavior of platform-specific chrome that's opaque to the web page).
Comment 5 Wenson Hsieh 2019-03-06 11:40:24 PST
Created attachment 363766 [details]
Patch for landing
Comment 6 WebKit Commit Bot 2019-03-06 12:18:06 PST
Comment on attachment 363766 [details]
Patch for landing

Clearing flags on attachment: 363766

Committed r242561: <https://trac.webkit.org/changeset/242561>
Comment 7 Simon Fraser (smfr) 2019-03-06 13:08:28 PST
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 363759 [details]

> An interesting point! That being said, it seems like (1) RenderLayer already
> knows how to walk out of its current frame in a few other places (e.g.
> scrollRectToVisible)

There's a bug about that somewhere.

> and (2) the result of
> isTransparentOrFullyClippedRespectingParentFrames is never web-exposed (it
> only affects the behavior of platform-specific chrome that's opaque to the
> web page).

good.
Comment 8 Radar WebKit Bug Importer 2019-03-06 13:24:26 PST
<rdar://problem/48649818>