WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
81970
Web Inspector: x-frame security errors logged when typing in the console are annoying.
https://bugs.webkit.org/show_bug.cgi?id=81970
Summary
Web Inspector: x-frame security errors logged when typing in the console are ...
David Levin
Reported
2012-03-22 14:42:59 PDT
Created
attachment 133350
[details]
outer frame 1. Save the two html documents to your local hard drive. 2. open test_iframe.html 3. open inspector and put a breakpoint in foo() 4. in the console type "window.frameElement" (Don't paste it. Actually type it.) or "window.parent.location", etc. Note that you get lots of "Unsafe JavaScript attempt to access frame with URL" errors in the console output as you type. This makes using the console really painful. Other: * These steps as given may only repro with browsers like chromium that treat all local files as different security origins. (You need the inner frame to be a different security origin to repro the issue.) * In my case, the errors don't collapse together (like they did for me in this simple example) -- perhaps that is because they have a stack trace.
Attachments
outer frame
(72 bytes, text/html)
2012-03-22 14:42 PDT
,
David Levin
no flags
Details
inner frame
(104 bytes, text/html)
2012-03-22 14:43 PDT
,
David Levin
no flags
Details
Patch
(22.95 KB, patch)
2012-04-18 08:03 PDT
,
Vsevolod Vlasov
no flags
Details
Formatted Diff
Diff
Patch
(23.04 KB, patch)
2012-04-18 09:44 PDT
,
Vsevolod Vlasov
no flags
Details
Formatted Diff
Diff
Patch
(23.03 KB, patch)
2012-04-18 11:07 PDT
,
Vsevolod Vlasov
no flags
Details
Formatted Diff
Diff
Patch
(35.13 KB, patch)
2012-04-19 07:54 PDT
,
Vsevolod Vlasov
no flags
Details
Formatted Diff
Diff
Show Obsolete
(3)
View All
Add attachment
proposed patch, testcase, etc.
David Levin
Comment 1
2012-03-22 14:43:32 PDT
Created
attachment 133351
[details]
inner frame
Vsevolod Vlasov
Comment 2
2012-04-18 08:03:29 PDT
Created
attachment 137688
[details]
Patch
Build Bot
Comment 3
2012-04-18 08:27:10 PDT
Comment on
attachment 137688
[details]
Patch
Attachment 137688
[details]
did not pass win-ews (win): Output:
http://queues.webkit.org/results/12427225
Pavel Feldman
Comment 4
2012-04-18 08:31:34 PDT
Comment on
attachment 137688
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=137688&action=review
> Source/WebCore/inspector/PageRuntimeAgent.cpp:72 > + Frame* mainFrame = m_inspectedPage->mainFrame();
I would use a counter here.
> Source/WebCore/inspector/PageRuntimeAgent.cpp:74 > + for (Frame* frame = mainFrame; frame; frame = frame->tree()->traverseNext(mainFrame))
I would use a static counter on console instead.
Vsevolod Vlasov
Comment 5
2012-04-18 09:44:43 PDT
Created
attachment 137711
[details]
Patch
Build Bot
Comment 6
2012-04-18 10:13:58 PDT
Comment on
attachment 137711
[details]
Patch
Attachment 137711
[details]
did not pass win-ews (win): Output:
http://queues.webkit.org/results/12429239
Vsevolod Vlasov
Comment 7
2012-04-18 11:07:52 PDT
Created
attachment 137725
[details]
Patch
Pavel Feldman
Comment 8
2012-04-19 03:26:08 PDT
Comment on
attachment 137725
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=137725&action=review
> Source/WebCore/page/Console.cpp:59 > + int s_muteCount = 0;
Either declare it in the Console.h or stop using the s_ prefix.
Vsevolod Vlasov
Comment 9
2012-04-19 06:28:46 PDT
Committed
r114628
: <
http://trac.webkit.org/changeset/114628
>
Csaba Osztrogonác
Comment 10
2012-04-19 07:38:22 PDT
Reopen, because it broke the debug build on Qt: ../../../../Source/WebCore/inspector/InspectorDebuggerAgent.cpp: In member function ‘virtual void WebCore::InspectorDebuggerAgent::evaluateOnCallFrame(WebCore::ErrorString*, const WTF::String&, const WTF::String&, const WTF::String*, const bool*, const bool*, const bool*, WTF::RefPtr<WebCore::TypeBuilder::Runtime::RemoteObject>&, WebCore::TypeBuilder::OptOutput<bool>*)’: ../../../../Source/WebCore/inspector/InspectorDebuggerAgent.cpp:492: error: no match for ‘operator!’ in ‘!WebCore::InspectorDebuggerAgent::scriptDebugServer()’ ../../../../Source/WebCore/inspector/InspectorDebuggerAgent.cpp:492: note: candidates are: operator!(bool) <built-in>
Vsevolod Vlasov
Comment 11
2012-04-19 07:54:41 PDT
Created
attachment 137901
[details]
Patch
Vsevolod Vlasov
Comment 12
2012-04-19 08:34:48 PDT
Committed
r114632
: <
http://trac.webkit.org/changeset/114632
>
Timothy Hatcher
Comment 13
2012-04-26 18:18:16 PDT
Renaming the existing doNotPauseOnExceptions parameter to doNotPauseOnExceptionsAndMuteConsole breaks backward compatibility with version 1.0 of the protocol. Renames should not be allowed. Am I correct? If so I'll file a bug about making the compatibility checking catch such things.
Pavel Feldman
Comment 14
2012-04-27 04:46:50 PDT
(In reply to
comment #13
)
> Renaming the existing doNotPauseOnExceptions parameter to doNotPauseOnExceptionsAndMuteConsole breaks backward compatibility with version 1.0 of the protocol. Renames should not be allowed. > > Am I correct? If so I'll file a bug about making the compatibility checking catch such things.
We do not guarantee compatibility of the hidden members (methods, parameters, etc). It is explicitly stated in the announcement and these members are missing in the documentation.
Timothy Hatcher
Comment 15
2012-04-27 07:06:08 PDT
(In reply to
comment #14
)
> (In reply to
comment #13
) > > Renaming the existing doNotPauseOnExceptions parameter to doNotPauseOnExceptionsAndMuteConsole breaks backward compatibility with version 1.0 of the protocol. Renames should not be allowed. > > > > Am I correct? If so I'll file a bug about making the compatibility checking catch such things. > > We do not guarantee compatibility of the hidden members (methods, parameters, etc). It is explicitly stated in the announcement and these members are missing in the documentation.
Sorry, I overlooked the fact that it was hidden. Too many things are hidden, so the protocol is pretty useless without using hidden members. What is your process and timeframe for unhiding minor things like this?
Pavel Feldman
Comment 16
2012-05-02 02:08:06 PDT
> What is your process and timeframe for unhiding minor things like this?
There is really no process / schedule for that. You should probably file bugs for such changes.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug