Electrolysis/Meetings/2009-09-21-validation document navigation
Held on 2009/09/21 between bz, bsmedberg
(14:47:45) bsmedberg: Well, basically this is about: pages first
(14:47:45) bsmedberg: and eventually process-per-domain
(14:47:51) bsmedberg: so the chrome process wants the ability to see toplevel navigation and perhaps cancel/redirect it somewhere else
(14:48:13) bz: right
(14:48:21) ***bz thinks
(14:48:31) bz: so from my pov, the ideal is that all navigation is async, as I said
(14:48:46) bz: in the sense that content does something that should trigger a navigation
(14:48:55) bz: we send a message to the chrome process to do that navigation
(14:48:58) bz: then it does the navigation
(14:48:59) bz: or something
(14:49:07) bsmedberg: perhaps...
(14:49:11) ***bz is not sure he's necessarily making sense. ;)
(14:49:19) bsmedberg: the navigation data could be quite large, if you have form submission
(14:49:24) bz: well
(14:49:32) bz: we have to send that data to the chrome process anyway
(14:49:33) bz: no?
(14:49:38) bsmedberg: yeah, maybe
(14:49:41) bz: just so it can put it on the wire....
(14:49:50) bsmedberg: I was figuring it would be in the form of a network request, but there are perhaps other ways to do it!
(14:50:16) bsmedberg: this is partly bug 514705, currently in robin_bb's queue
(14:50:19) firebot: bsmedberg: Bug https://bugzilla.mozilla.org/show_bug.cgi?id=514705 nor, --, ---, moz@shorestreet.com, ASSI, The tab browser should inform the chrome process during navigation
(14:50:26) bz: so here's the thing
(14:50:28) bz: long term
(14:50:39) bz: we want to move CheckLoadURI checks into the chrome process
(14:50:49) bz: and not trust any self-reported principals of content processes
(14:50:54) bz: right?
(14:50:58) bsmedberg: hrm, I'm not sure that's ever going to be feasible
(14:51:30) bsmedberg: it's certainly not part of releasing anything, or even releasing anything with a sandbox
(14:51:59) bz: it seems like it lets you trivially escape the sandbox....
(14:52:07) bz: if not done
(14:52:15) bsmedberg: depends on what the sandbox is for, though
(14:52:28) bsmedberg: If it's only to prevent viral infections and such, I think you're fine
(14:53:03) bsmedberg: and protecting against XSS/cookiedata leaks is much harder due to interior iframes, document.cookie scripting, loading arbitrary JS/images
(14:55:16) ***bz is not sure why it's fine
(14:55:40) bz: as long as you can ask the chrome process to do network requests for you
(14:55:50) bz: and it trusts your self-reported principal
(14:55:55) bz: you can read arbitrary files
(14:56:00) bz: and phone home
(14:56:05) bz: not a viral infection
(14:56:10) bz: but much worse than just XSS
(15:01:36) bz: ok
(15:01:40) bz: so are we set enough for now?
(15:01:48) bz: It sounds like fred has things to do
(15:01:56) bz: anything in particular _I_ should do on this front?
(15:02:17) bz: Or should I focus on my plan, which is to work on getting the subprocess hookup in frameloader to be a little smoother?
(15:02:27) bz: (modulo all the interruptions from layout/perf stuff)
(15:02:50) bz: bsmedberg: and btw, if there are particular things that you think it's worth me focusing on more, please say
(15:03:06) bz: bsmedberg: I can put layout/perf stuff on hold as needed. ;)