Possibly reject frame-scoped interface requests coming from RFs no longer active
Issue description
Incoming interface requests from a render frame that is no longer active (e.g. being swapped out) can be confusing to implementors of those interfaces. While there might be a few things where we want that to work, rejecting such interface requests by default is probably the safer thing to do. Since there has been at least one actual security bug resulting from this (Issue 736357), we should address this as soon as possible.
Jul 6 2017
One alternative I've been considering is to provide not only a WebContentsFrameBindingSet, but also a WebContentsMainFrameBinding, which does all of this under the hood safely, so that implementors do not have to resort to one-off solutions. WDYT?
Jul 6 2017
Interesting. I'd say it depends on how common the pattern is. Using WCO to receive IPC is fairly ubiquitous across content embedder feature code. If the same can be said for main-frame-only IPC, it may be worth changing.
My addendum to that proposal would be to simply make it an option on WCFBS to avoid introducing yet another magic-helper-thing, e.g.:
enum class FrameBindingPolicy {
  kAllFrames,
  kMainFrameOnly,
};
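A standalone C++ model of the two ideas in this thread, added here as an illustration and not Chromium code: requests from frames that are no longer active are rejected by default, and the binding set takes the proposed FrameBindingPolicy option. The Frame, FrameState, BindResult and FrameBindingSet types and the allow_inactive_frames opt-in are hypothetical.

```cpp
#include <set>

// Simplified stand-ins for illustration; none of these are Chromium types.
enum class FrameState { kActive, kPendingSwapOut, kSwappedOut };
enum class FrameBindingPolicy { kAllFrames, kMainFrameOnly };  // as proposed in the thread
enum class BindResult { kBound, kRejectedInactiveFrame, kRejectedNotMainFrame };

struct Frame {
  int id;
  bool is_main_frame;
  FrameState state;
};

// Hypothetical binding set that vets the requesting frame before the
// interface implementation ever sees the request.
class FrameBindingSet {
 public:
  // allow_inactive_frames is an assumed opt-in for the "few things where
  // we want that to work"; it defaults to the safe choice (reject).
  explicit FrameBindingSet(FrameBindingPolicy policy,
                           bool allow_inactive_frames = false)
      : policy_(policy), allow_inactive_frames_(allow_inactive_frames) {}

  BindResult Bind(const Frame& frame) {
    // Default-deny: a frame that is being or has been swapped out is rejected.
    if (frame.state != FrameState::kActive && !allow_inactive_frames_)
      return BindResult::kRejectedInactiveFrame;
    // Main-frame-only interfaces never bind for subframes.
    if (policy_ == FrameBindingPolicy::kMainFrameOnly && !frame.is_main_frame)
      return BindResult::kRejectedNotMainFrame;
    bound_frame_ids_.insert(frame.id);
    return BindResult::kBound;
  }

  bool IsBound(int frame_id) const { return bound_frame_ids_.count(frame_id) != 0; }

 private:
  FrameBindingPolicy policy_;
  bool allow_inactive_frames_;
  std::set<int> bound_frame_ids_;
};
```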
Jul 6
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 17
Comment 1 by engedy@chromium.org, Jul 6 2017