RESOLVED FIXED 25706
Audit V8 bindings for V8Proxy::retrieveFrameForEnteredContext 
https://bugs.webkit.org/show_bug.cgi?id=25706
Summary Audit V8 bindings for V8Proxy::retrieveFrameForEnteredContext
Adam Barth
Reported 2009-05-11 14:40:01 PDT
In the V8 bindings, we use V8Proxy::retrieveFrameForEnteredContext in a bunch of places were we should be using retrieveFrameForCurrentContext. We should audit all these call sites and make sure they match JavaScriptCore. Match in this context is: retrieveFrameForEnteredContext <-> exec->dynamicGlobalObject retrieveFrameForCurrentContext <-> exec->lexicalGlobalObject Getting this right is important for security and subtle for compatibility.
Attachments
patch (no tests) (1.30 KB, patch)
2009-05-12 09:47 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
patch (with tests!) (19.39 KB, patch)
2009-05-12 10:56 PDT, Adam Barth 		dglazkov: review+
DetailsFormatted DiffDiff
Patch attempt 2 (2.46 KB, patch)
2009-05-20 15:52 PDT, Adam Barth 		dglazkov: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2009-05-12 09:47:22 PDT
Created attachment 30238 [details] patch (no tests) Turns out most of these match JSC. I think some of the JSC ones are wrong, but I'll deal with that in a separate patch. This patch makes V8 match JSC. No tests yet. (I don't have a machine that can both compile V8 and make LayoutTests.)
Aaron Boodman
Comment 2 2009-05-12 09:50:49 PDT
lgtm, but I am not a reviewer.
Adam Barth
Comment 3 2009-05-12 10:08:10 PDT
Thanks, but the patch isn't quite ready for review. It lacks tests and Changelog entries. I'll post an updated version in a bit.
Adam Barth
Comment 4 2009-05-12 10:56:05 PDT
Created attachment 30242 [details] patch (with tests!) Here's the complete patch.
Sam Weinig
Comment 5 2009-05-12 11:06:22 PDT
I don't feel comfortable reviewing the code change (as I don't know V8's bindings at all), but the tests look good!
Dimitri Glazkov (Google)
Comment 6 2009-05-12 11:33:23 PDT
Comment on attachment 30242 [details] patch (with tests!) Looks good -- can you add bug URL to changelog before landing?
Adam Barth
Comment 7 2009-05-12 12:42:22 PDT
Thanks. I always forget the bug URL. :) I'll land this tonight when I get back to my Mac.
Adam Barth
Comment 8 2009-05-12 20:13:59 PDT
Sending LayoutTests/ChangeLog Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-lexical-expected.txt Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-lexical.html Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-write-lexical-expected.txt Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-write-lexical.html Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-writeln-lexical-expected.txt Adding LayoutTests/http/tests/security/aboutBlank/security-context-grandchildren-writeln-lexical.html Sending WebCore/ChangeLog Sending WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp Transmitting file data ......... Committed revision 43604.
Adam Barth
Comment 9 2009-05-20 15:51:11 PDT
Turns out the CurrentContext wasn't right either. That gave us the context for the write() function itself.
Adam Barth
Comment 10 2009-05-20 15:52:48 PDT
Created attachment 30514 [details] Patch attempt 2 We actually want the *calling* context.
Adam Barth
Comment 11 2009-05-20 15:53:33 PDT
I should say this is covered by the tests from last time.
Dimitri Glazkov (Google)
Comment 12 2009-05-20 15:56:17 PDT
Comment on attachment 30514 [details] Patch attempt 2 r=me, but only if it works! :D
Adam Barth
Comment 13 2009-05-20 21:57:48 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp Committed r43958
Note You need to log in before you can comment on or make changes to this bug.