1583251 - Check postMessage when deserializing as well

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, task)

Description

[Tom Tung [:tt, :ttung]]

We did the check when serializing, but nika mentioned that we can have a condition like:

1. window A postMesage (in-flight) to window B
2. window B is navigated to another origin
3. the message arrived the window B

Also, anne pointed out that even if we have a check on deserializing, the information might have already leak on the process B.

Comment 1

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P1 - Propagate the targetAgentClusterId to PostMessageEvent::Run();

Comment 2

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P2 - Fix some format nits or naming nits for StructuredClone::Write;

Depends on D48347

Comment 3

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P3 - Check if it is okay to allow shared memory while deserializing;

Depends on D48348

Comment 4

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P4 - Allow deserialize shared memory for Workers;

Comment 5

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P5 - Having some js tests to verify the deserialize function;

Depends on D48560

Comment 6

[Tom Tung [:tt, :ttung]]

try https://treeherder.mozilla.org/#/jobs?repo=try&revision=2fcdacfb6aaf3a710a5e37341919d28e46c9cf3e

Comment 7

[Pulsebot]

Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9e9eaa78c436
P1 - Propagate the targetAgentClusterId to PostMessageEvent::Run(); r=nika
https://hg.mozilla.org/integration/autoland/rev/5d5e3dc17118
P2 - Fix some format nits or naming nits for StructuredClone::Write; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/248ad59168dd
P3 - Check if it is okay to allow shared memory while deserializing; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/0113c698b44d
P4 - Allow deserialize shared memory for Workers; r=nika,perry
https://hg.mozilla.org/integration/autoland/rev/bfe390ad771b
P5 - Having some js tests to verify the deserialize function; r=nika,lth

Comment 8

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1583251 - P6 - Apply the change to sc.rs;

Comment 9

[Razvan Maries]

Backed out for rust build bustages.

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedJob=271905744&resultStatus=testfailed%2Cbusted%2Cexception&revision=bfe390ad771b5bbaa5515e376dac91373c7837bd

Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=271905744&repo=autoland

Backout: https://hg.mozilla.org/integration/autoland/rev/53bf396c988d3634b7fd62673d515b0d5577306e

Comment 10

[Tom Tung [:tt, :ttung]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=65efd5d448988adef7b7081edbb2f2fd0fffe277

Comment 11

[Tom Tung [:tt, :ttung]]

One last try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=d831d09d0a0fe564c8bdbd1be3e5de6da4cfc88d

Comment 12

[Pulsebot]

Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b2c99cc8f60b
P1 - Propagate the targetAgentClusterId to PostMessageEvent::Run(); r=nika
https://hg.mozilla.org/integration/autoland/rev/51bb06ee4062
P2 - Fix some format nits or naming nits for StructuredClone::Write; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/8900fd9c1c09
P3 - Check if it is okay to allow shared memory while deserializing; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/481515dd4b9d
P4 - Allow deserialize shared memory for Workers; r=nika,perry
https://hg.mozilla.org/integration/autoland/rev/6145f7c31786
P5 - Having some js tests to verify the deserialize function; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/058946a415aa
P6 - Apply the change to sc.rs; r=sfink

Comment 13

[Andreea Pavel [:apavel]]

https://hg.mozilla.org/mozilla-central/rev/b2c99cc8f60b
https://hg.mozilla.org/mozilla-central/rev/51bb06ee4062
https://hg.mozilla.org/mozilla-central/rev/8900fd9c1c09
https://hg.mozilla.org/mozilla-central/rev/481515dd4b9d
https://hg.mozilla.org/mozilla-central/rev/6145f7c31786
https://hg.mozilla.org/mozilla-central/rev/058946a415aa