Bug 26058 - Fix security context for database callbacks
Summary: Fix security context for database callbacks
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2009-05-28 02:07 PDT by Adam Barth
Modified: 2010-06-10 17:35 PDT (History)
1 user (show)

See Also:

work-in-progress patch (15.06 KB, patch)
2009-05-28 02:07 PDT, Adam Barth
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2009-05-28 02:07:07 PDT
There are a few odds an ends left, mostly related to database callbacks.  The one outstanding issue (after this one) is XMLHttpRequest.  It uses some different APIs that I need to investigate.
Comment 1 Adam Barth 2009-05-28 02:07:58 PDT
Created attachment 30731 [details]
work-in-progress patch

Here is a sketch of the patch.  I didn't get a chance to finish it tonight, but hopefully I get it done soon.
Comment 2 Adam Barth 2009-05-31 13:54:51 PDT
This turned out to be trickier than expected.  We might need more information from the ExecState to do this right.  Investigating.
Comment 3 Sam Weinig 2009-05-31 14:49:43 PDT
What information is needed?
Comment 4 Adam Barth 2009-05-31 15:19:26 PDT
(In reply to comment #3)
> What information is needed?

Consider JSCustomXPathNSResolver::create


It's not clear to me that either lexicalGlobalObject or dynamicGlobalObject is the right thing here.  It seems like we probably want something equivalent to V8's CurrentContext (i.e., the frame associated with the method itself), but I haven't investigated this in detail.

In general, I don't really understand what this file is doing.  For example:


That line of code looks really wrong.  If the frame has been navigated since this object was created, this code looks like it's grabbing the ExecState for a random SecurityOrigin and calling this lookupNamespaceURI function.

Also, consider JSDatabase::transaction


Which frame should we use for the error callback?  Presumably the one associated with the database object itself (e.g., CurrentContent), not lexicalGlobalObject or dynamicGlobalObject.  Also, I have the same concern about grabbing the ExecState from the Frame after navigation for these database callbacks:

Comment 5 Sam Weinig 2009-05-31 15:59:53 PDT
Understood, this sounds like a similar concept I think we need for constructing the correct prototype chains for objects.