
Issue 748734

Starred by 0 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




GRC: use introspection to associate URLs with frame coordination units

Project Member Reported by dcheng@chromium.org, Jul 25 2017

Issue description

https://chromium-review.googlesource.com/c/578482 plumbs URLs from RenderFrameHostImpl to a coordination unit. While this works, this is not ideal for several reasons:
- It requires duplicating the URL from //content into //services/resource_coordinator. Since GRC currently lives in the same process, this requires a number of string copies.
- It eliminates a single source of truth for the URL of a frame. Navigation is quite complex (for example, we don't get document.open() quite right today), and now we have to make sure an additional location is updated.
- Coordination units can be accessed by any process (by design). An untrusted process can spoof this property.
- While GRC currently lives in the browser process, there's no guarantee it will remain so in the future. We definitely want to make sure URLs don't leak into an untrusted process if this changes.

erikchen@ makes a good point that the old tracing code embedded URLs as well though *shrug*
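
The single-source-of-truth and spoofing concerns listed in the report, as an added example that is not part of the original report and is not Chromium code. It is a toy C++ model in which every name (`CoordinationUnit`, `BrowserFrameRegistry`, `UrlFromProperty`, `UrlByIntrospection`) is hypothetical, and "introspection" is assumed to mean resolving the URL from the browser-owned frame record at query time.

```cpp
// Toy model, not Chromium code. Every type and name here is hypothetical.
#include <map>
#include <string>
#include <utility>
using FrameId = int;

// Design A: the URL is copied into a property on the coordination unit.
// Any client holding the interface can write it, trusted or not.
struct CoordinationUnit {
  FrameId frame_id;
  std::map<std::string, std::string> properties;
  void SetProperty(const std::string& key, const std::string& value) {
    properties[key] = value;  // no check on which process is calling
  }
};

// Design B: the browser-side frame record stays the only copy of the URL.
class BrowserFrameRegistry {
 public:
  void CommitNavigation(FrameId id, const std::string& url) { urls_[id] = url; }
  std::string LastCommittedUrl(FrameId id) const {
    auto it = urls_.find(id);
    return it == urls_.end() ? std::string() : it->second;
  }
 private:
  std::map<FrameId, std::string> urls_;
};

// Design A lookup: returns whatever was last written to the property.
std::string UrlFromProperty(const CoordinationUnit& cu) {
  auto it = cu.properties.find("url");
  return it == cu.properties.end() ? std::string() : it->second;
}

// Design B lookup: ignores unit properties and asks the trusted owner.
std::string UrlByIntrospection(const CoordinationUnit& cu,
                               const BrowserFrameRegistry& registry) {
  return registry.LastCommittedUrl(cu.frame_id);
}

// Constructed scenario: a navigation commits, a client overwrites the copied
// property, then a second navigation commits without the copy being refreshed.
// Returns {design A answer, design B answer}.
std::pair<std::string, std::string> RunScenario() {
  BrowserFrameRegistry registry;
  CoordinationUnit cu{7, {}};
  registry.CommitNavigation(7, "https://example.test/a");
  cu.SetProperty("url", "https://example.test/a");    // plumbed copy
  cu.SetProperty("url", "https://spoofed.invalid/");  // write from untrusted client
  registry.CommitNavigation(7, "https://example.test/b");  // copy not refreshed
  return {UrlFromProperty(cu), UrlByIntrospection(cu, registry)};
}
```

In the constructed scenario the property-based lookup returns the overwritten value, while the registry-based lookup returns the last committed URL.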
 
Project Member

Comment 1 by sheriffbot@chromium.org, Jul 26

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
