Issue 616820
Issue metadata

Status: Started
OS: All
Pri: 2
Type: Bug

Move unique name computation to the browser process

Project Member Reported by creis@chromium.org, Jun 2 2016

Issue description

Frame unique names now avoid collisions in practice in default Chrome, unless a renderer process is exploited.  In OOPIF-enabled modes like --isolate-extensions or --site-per-process, it's still possible to get a collision if two iframes in different processes race to create the same name.

We should move unique name computation from Blink's FrameTree.cpp to the browser process to make them trustworthy.

See also issue 588800 (where r397443 prevented common collisions), issue 523372 (for concerns about unique name length), and issue 558680 (for the consequences of a collision, which include renderer kills due to mismatched URL and origin).
 
Project Member Comment 1 by sheriffbot@chromium.org, Jun 5 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 2 by creis@chromium.org, Jun 5 2017

Labels: -Hotlist-Recharge-Cold
Owner: dcheng@chromium.org
Status: Started (was: Untriaged)
dcheng@ has work in progress for this on issue 626202.
