For naming consistency with [CheckAccessToNode], we can rename the following IDL attributes: [CheckDomainSecurity] => [CheckAccessToFrame] [DoNotCheckDomainSecurity] => [DoNotCheckAccessToFrame] [DoNotCheckDomainSecurityOnGetter] => [DoNotCheckAccessToFrameOnGetter] [DoNotCheckDomainSecurityOnSetter] => [DoNotCheckAccessToFrameOnSetter] Adam: Would it make sense? If so, I'll make a patch.
Created attachment 127517 [details] Patch
Comment on attachment 127517 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=127517&action=review > Source/WebCore/ChangeLog:12 > + - [CheckDomainSecurity] => [CheckAccessToFrame] > + - [DoNotCheckDomainSecurity] => [DoNotCheckAccessToFrame] I'm not super excited about mentioning "frame" here because that's not quite right. We should be checking access to the ScriptExecutionContext (although we don't get that 100% correct yet). How about: CheckAccess DoNotCheckAccess ? > Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:1694 > push(@implContent, " if (!castedThis->allowsAccessFrom(exec))\n"); For example, |castedThis| might not be a Frame. We're just generally checking access.
(In reply to comment #2) > > + - [CheckDomainSecurity] => [CheckAccessToFrame] > > + - [DoNotCheckDomainSecurity] => [DoNotCheckAccessToFrame] > > I'm not super excited about mentioning "frame" here because that's not quite right. We should be checking access to the ScriptExecutionContext (although we don't get that 100% correct yet). How about: > > CheckAccess > DoNotCheckAccess Thanks. Then [CheckDomainSecurity] might be better than [CheckAccess] in that it is clear that it is checking domain security. Instead, how about renaming [CheckAccessToNode] to [CheckDomainSecurityForNode]?
> Instead, how about renaming [CheckAccessToNode] to [CheckDomainSecurityForNode]? The problem is that "domain security" isn't a term that's used elsewhere. We usually call it the same-origin policy... How about just [CheckSecurity] or [CheckSameOriginPolicy]? The name [CheckSecurityForNode] makes sense and seems better than [CheckDomainSecurityForNode] or [CheckSameOriginPolicyForNode]...
Created attachment 127731 [details] Patch
(In reply to comment #4) > How about just [CheckSecurity] or [CheckSameOriginPolicy]? The name [CheckSecurityForNode] makes sense and seems better than [CheckDomainSecurityForNode] or [CheckSameOriginPolicyForNode]... Sounds good! I uploaded patches: [*CheckDomainSecurity*] => [*CheckSecurity*] : this patch [CheckAccessToNode] => [CheckSecurityForNode] : bug 78991
Comment on attachment 127731 [details] Patch Clearing flags on attachment: 127731 Committed r108201: <http://trac.webkit.org/changeset/108201>
All reviewed patches have been landed. Closing bug.