On Wed, Feb 11, 2009 at 8:21 AM, Adam Barth <[email protected]> wrote: > I don't see why we need an HMAC. Just keep a set of valid window IDs > in RendererSecurityPolicy and validate the IDs as they come off the > IPC channel.
The HMAC comment in the commit log was just gentle musing, we probably should keep an explicit mapping of valid NativeViewId arguments. (That way we can revoke them easily too.) When I went round and NativeViewId'ed the renderer code I left the plugin code and messages alone because I frankly had no idea what was going on with them. Hopefully Dean does now ;) AGL --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
