Closed Bug 1583251 Opened 2 months ago Closed 19 days ago

Check postMessage when deserializing as well

Categories

(Core :: DOM: Core & HTML, task)

task
Not set

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: tt, Assigned: tt)

References

(Blocks 1 open bug)

Details

Attachments

(6 files)

We did the check when serializing, but nika mentioned that we can have a condition like:

  1. window A postMesage (in-flight) to window B
  2. window B is navigated to another origin
  3. the message arrived the window B

Also, anne pointed out that even if we have a check on deserializing, the information might have already leak on the process B.

Blocks: 1567483
Status: NEW → ASSIGNED
Attachment #9099207 - Attachment description: Bug 1583251 - P2 - Fix some nits for serializing; → Bug 1583251 - P2 - Fix some format nits or naming nits for StructuredClone::Write;
Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9e9eaa78c436
P1 - Propagate the targetAgentClusterId to PostMessageEvent::Run(); r=nika
https://hg.mozilla.org/integration/autoland/rev/5d5e3dc17118
P2 - Fix some format nits or naming nits for StructuredClone::Write; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/248ad59168dd
P3 - Check if it is okay to allow shared memory while deserializing; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/0113c698b44d
P4 - Allow deserialize shared memory for Workers; r=nika,perry
https://hg.mozilla.org/integration/autoland/rev/bfe390ad771b
P5 - Having some js tests to verify the deserialize function; r=nika,lth
Attachment #9102552 - Attachment description: Bug 1583251 - P6 - Apply the change to sc.rs; sr=lth → Bug 1583251 - P6 - Apply the change to sc.rs; rs=lth
Attachment #9102552 - Attachment description: Bug 1583251 - P6 - Apply the change to sc.rs; rs=lth → Bug 1583251 - P6 - Apply the change to sc.rs;
Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b2c99cc8f60b
P1 - Propagate the targetAgentClusterId to PostMessageEvent::Run(); r=nika
https://hg.mozilla.org/integration/autoland/rev/51bb06ee4062
P2 - Fix some format nits or naming nits for StructuredClone::Write; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/8900fd9c1c09
P3 - Check if it is okay to allow shared memory while deserializing; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/481515dd4b9d
P4 - Allow deserialize shared memory for Workers; r=nika,perry
https://hg.mozilla.org/integration/autoland/rev/6145f7c31786
P5 - Having some js tests to verify the deserialize function; r=nika,lth
https://hg.mozilla.org/integration/autoland/rev/058946a415aa
P6 - Apply the change to sc.rs; r=sfink
You need to log in before you can comment on or make changes to this bug.