Have you considered how incognito interacts with extensions that have NPAPI
components? It might not be feasible to create a second, isolated instance
of those extensions because the NPAPI component has direct access to system
calls.
I wonder if read-only access to localStorage will be confusing
On Mon, Jan 11, 2010 at 12:21 PM, Paweł Hajdan, Jr.
wrote:
> Is there any security risks with passing raw ftp listings to the
> renderer in case we can't parse them? We already have a check in the
> code so that we will only make a data connection to the server we have
> the control connection wit
On Wed, Jan 6, 2010 at 10:01 AM, MarkM wrote:
> Adam, I'm curious in what way the new @sandbox
> primitives would be better than this at containing advertisements.
The main benefit is that it's implementable by publishers unilaterally
without help from the advertising network or advertisers. Sim
Instead of DOMUI, why not use an extension to display the directory
listing? You can put the icons in the CRX.
Adam
On Tue, Jan 5, 2010 at 4:16 PM, Evan Martin wrote:
> I talked with Arv in person and I think I sufficiently convinced him
> that getting DOMUI security right is tricky. (Conside
On Tue, Jan 5, 2010 at 5:56 AM, Mathias Wagner wrote:
> Thanks a lot for all this information. Very interesting discussion on
> the wathwg mailing list. But as far as I understand the HTML 5 sandbox
> attribute is not very useful, because it is only for iFrames. And
> nobody wants to have a hundre
Hi Mathias. Thanks for your interest. See below:
On Mon, Jan 4, 2010 at 6:09 AM, Mathias Wagner wrote:
> 1. Are there any plans of implementing stuff like this in Google
> Chrome or WebKit in general? Please note that there is a difference
> compared to the approach of Mozilla called Content Se
On Fri, Dec 18, 2009 at 9:47 AM, Charles Reis wrote:
> Any other examples of browser state that would be tough to restore? How bad
> would this be for open network connections? (I imagine it's like the
> network cutting out for a bit.)
Right, we'd have to make sure that every IPC message could
Currently our multiprocess architecture lets the browser keep going
when one of its tabs crash, but why can't we keep the tabs going when
the browser crashes?
At a high level, imagine we had a watchdog process that kept track,
essentially, of the tab model and the navigation controllers. When
the
There's also the FixedUnreleased status, which we usually use for
security bugs. That seems to fit this use case too.
Adam
On Wed, Dec 16, 2009 at 2:22 PM, Aaron Boodman wrote:
> On Wed, Dec 16, 2009 at 2:03 PM, Evan Stade wrote:
>> On Wed, Dec 16, 2009 at 1:55 PM, Aaron Boodman wrote:
>>>
>
On Thu, Dec 10, 2009 at 2:44 AM, Ian Hickson wrote:
> I'd recommend switching to a mixed content lock whenever any
> interaction occurs with any insecure content (unencrypted or imperfect
> cert), whether that be posting to an http:// window with
> postMessage(), receiving a message (and actually
On Wed, Dec 9, 2009 at 4:33 PM, Jeremy Orlow wrote:
> Personally, I feel the opposite, and I'm not sure the "perfect is the enemy
> of good" analogy doesn't really fit. If we erode the meaning of the secure
> (as opposed to mixed) content icon, it seems like we're just going to need
> to create U
In principle, the correct thing to do is keep track of the mixed
content state of the shared worker and infect whichever windows
interact with the worker. However, I suspect this is one of those
cases where the perfect is the enemy of the good. For the time being,
I'm fine with having the SharedW
y moved between multiple
> apps and sites that support geolocation.
> -Alex
>
> On Nov 28, 2009, at 5:07 PM, Adam Barth wrote:
>
>> Nice mocks. A few questions:
>>
>> 1) Why green? The other infobars in the product are yellow.
>> Historically, green in b
Nice mocks. A few questions:
1) Why green? The other infobars in the product are yellow.
Historically, green in browsers has signaled extended validation.
2) Is there any difference in presentation for SSL versus non-SSL
sites? From the mocks, it looks like we're showing the host name but
not
On Wed, Nov 25, 2009 at 11:38 AM, John Gregg wrote:
> Hi,
> I was investigating how notifications should work in incognito mode, and
> came across the fact that the PrefsService for the incognito profile is the
> same one as the real profile. In some ways I guess that makes sense, since
> it's st
rid of, e.g., absolute paths, but that
> should be doable. Two problems I can immediately see: 1) they take a
> notable amount of time, 2) I don't know if it's possible/easy to
> install an extension into the test.
>
> Any comments are most appreciated,
> yours
On Sat, Nov 21, 2009 at 12:08 PM, Jens Alfke wrote:
> Disclaimer: This code is fairly nasty and even though I've messed with it for
> a month or two I don't feel that I fully understand it, especially the map.
> (I think the map code needs a redesign at some point: for example, it really
> frig
I "wrote" most of this code in the sense that I took the old garbage
collector design and refactored it to make isolated worlds possible.
I don't understand the MessagePorts lifetime issues in detail,
however.
Adam
On Fri, Nov 20, 2009 at 7:02 PM, Drew Wilson wrote:
> So I looked into the probl
at 4:52 PM, Jeremy Orlow wrote:
>> On Thu, Nov 12, 2009 at 1:50 PM, Adam Barth wrote:
>>>
>>> On Thu, Nov 12, 2009 at 1:46 PM, Jeremy Orlow wrote:
>>> > Btw, there's a webkit-dev thread out there right now about adding try
>>> > servers
On Thu, Nov 12, 2009 at 1:46 PM, Jeremy Orlow wrote:
> Btw, there's a webkit-dev thread out there right now about adding try
> servers. I don't think anyone's figured out where the hardware will come
> from though.
Currently my plan is to donate machines from my apartment. A lack of
hardware is
We might or might not decide to implement page cache (Darin is in the
"might not" camp). In either case, this LayoutTest shouldn't drive
that decision.
Adam
On Thu, Nov 5, 2009 at 12:17 PM, Tony Chang wrote:
> It sounds like the test depends on the page cache being enabled so we
> won't be ab
isolated worlds (it at least passes layout tests).
>
> Could someone either see if it helps or give me instructions how to bench it?
>
> yours,
> anton.
>
> On Tue, Oct 27, 2009 at 8:04 PM, Anton Muhin wrote:
>> On Tue, Oct 27, 2009 at 8:00 PM, Adam Barth wrote:
>&g
Can we note this on dev.chromium.org somewhere?
Adam
On Thu, Nov 5, 2009 at 11:16 AM, Steve VanDeBogart wrote:
> This afternoon I will update DEPS to pull in 170MB of profile data for
> memory_test. Unless you run memory_test, you probably want to add the
> following line to the custom_deps se
Please do. :)
Adam
On Wed, Nov 4, 2009 at 6:27 PM, Alex Faaborg wrote:
> Earlier today at Mozilla the UX team along with Mike Beltzner and Johnathan
> Nightingale spent a good deal of time discussing how we want to evolve the
> security UI in Firefox. We are planning on making a few changes
On Tue, Nov 3, 2009 at 12:54 AM, Mike Hearn wrote:
> Yeah, I understood :) I haven't seen much discussion of these issues
> so figured I'd try and start some - perhaps a lurker would be
> motivated to work on it. Or maybe the Chrome team in a later release.
We had a lot of discussion on this top
I'm sorry if my email came off as dismissive. I really would like to
see some serious study of user interfaces for certificate errors. I
think everyone agrees that the current designs can be improved. We
even know how to measure success (e.g.,
http://www.usenix.org/events/sec09/tech/full_papers
On Mon, Nov 2, 2009 at 11:23 AM, Mike Hearn wrote:
> I'm concerned about the way Chromium displays SSL security indicators,
> which this blog post reminded me about:
>
> http://chrome.blogspot.com/2009/10/are-you-seeing-red.html
>
> There have been a few studies of SSL usability and the conclus
I'm sorry for introducing this pattern in base::Thread. It's bitten
use several times over the course of the project. If you see a better
design, please don't hesitate to fix it.
Adam
On Fri, Oct 30, 2009 at 3:12 PM, Jeremy Orlow wrote:
> I've spent a good deal of this week trying to track d
On Wed, Oct 28, 2009 at 12:24 PM, Antoine Labour wrote:
> On Wed, Oct 28, 2009 at 12:05 PM, Adam Barth wrote:
>> I bet the reason Windows startup feels slower is whatever drawing
>> operation we're using for the main content area is slow. The
>> top-to-bottom sweep p
On Wed, Oct 28, 2009 at 8:05 AM, Evan Martin wrote:
> General comments: Linux tends to be "lighter" which means it does
> better on older hardware, so depending on what sorts of laptops you're
> talking about that could be a major factor. Windowses later than 2000
> or so need surprising amounts
On Wed, Oct 28, 2009 at 8:47 AM, Erik Corry wrote:
> Do you have anti-virus software on your Windows machines?
No. I could editorialize here, but I wont.
Adam
--~--~-~--~~~---~--~~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives,
On Tue, Oct 27, 2009 at 10:27 PM, Darin Fisher wrote:
> What version of Windows are you using? I find the double-buffering on Vista
> and Win7 to have a big negative impact on performance as compared to WinXP.
> I'm always delighted to run Chrome on my old WinXP laptop. It seems so
> much fast
My three laptops have relatively comparable hardware and run Chrome on
Windows, Mac, and Linux respectively. The Linux version of Chrome
feels ridiculously faster than Windows and Mac. Do we understand why
this is? Can we make Windows and Mac feel that fast too?
General observations:
1) Scrol
On Tue, Oct 27, 2009 at 9:52 AM, Anton Muhin wrote:
> if we're sure accessing hidden property is a bottleneck, it should be
> easily solvable: for long time I was toying idea to compile this code
> into native, but didn't see compelling enough reason to do that. The
> easy way to measure it woul
In creating isolated worlds, I optimized the performance for the "no
content script" case. I suspect there's room for improvement in the
"one or more content script" case. For example, the current way we
figure out that we're running in an isolated world is slow because we
do a V8 HiddenProperty
It seems like we need to draw the line somewhere. Otherwise, we'll
end up exposing the whole DOM via the WebKit API. Where do you think
the optimum cut-off is?
Adam
On Tue, Oct 20, 2009 at 1:55 PM, Marshall Greenblatt
wrote:
> Hi All,
>
> The Chromium WebKit API does not currently provide a
It looks like Brent Fulgham is strongly considering moving his Windows
WebKit port to Skia:
http://whtconstruct.blogspot.com/2009/10/exploring-skia.html
Is there some way we could help him out by making the code in src/skia
more easily re-usable by other projects?
Adam
--~--~-~--~~
On Wed, Oct 14, 2009 at 2:48 PM, Michael Nordman wrote:
> As mentioned f2f, this falls apart as soon as Chrome tries to manufacture a
> security origin. I'm not sure, may already have instances of that in the
> code base for all I know.
I'm not sure Chrome is smart enough to manufacture a Securi
On Tue, Oct 13, 2009 at 1:35 PM, Peter Kasting wrote:
> On Tue, Oct 13, 2009 at 1:31 PM, Dirk Pranke wrote:
>>
>> I have not heard of any discussion of this spec or if we plan to
>> implement it. Anyone have any thoughts?
>
> We've mentioned implementing it in the past and Linus has been favorab
On Tue, Oct 13, 2009 at 8:09 AM, David Levin wrote:
> The webkit api won't help if chromium folks (especially when you change v8
> bindings) don't run the layout tests which is what happened yesterday and
> causes quite a few of our worst problems while gardening.
I agree this is essential.
> I
The first step is usually to build a reduced test case. The MSNBC
home page is pretty complex. Try removing things until you find the
simplest thing that still exhibits the bug.
Adam
On Fri, Oct 2, 2009 at 7:32 AM, spotrh wrote:
>
> A Fedora user recently reported that loading www.msnbc.com
Nice!
On Wed, Sep 30, 2009 at 3:47 PM, Eric Seidel wrote:
>
> Who knew?
>
> Looks like Mark (Rowe) recently updated their buildbot:
> http://build.webkit.org/console
>
> Very hot.
>
> There is no link to it anywhere that I can see.
>
> -eric
>
> >
>
--~--~-~--~~~---~
When are you proposing trashing the global object? I don't think
there's any particular time when we know this is safe. Recall that
someone can call a function from an inactive document whenever they
have a pointer to that function.
Adam
On Tue, Sep 29, 2009 at 10:48 AM, Jens Alfke wrote:
>
On Fri, Sep 25, 2009 at 10:43 AM, Mohamed Mansour wrote:
> I could submit a cleaner patch (which does it right) that introduces Kiosk
> mode for Chrome. Are there any objections?
None from me. :)
Adam
--~--~-~--~~~---~--~~
Chromium Developers mailing list: chro
On Thu, Sep 24, 2009 at 10:07 PM, Darin Fisher wrote:
> Maybe I'm in the minority, but it doesn't sound that unreasonable to support
> command line options for disabling the status bubble and starting in full
> screen mode. We could lump these together into a --kiosk-mode command line
> flag. T
On Thu, Sep 24, 2009 at 9:46 PM, Jenn Braithwaite (胡慧鋒)
wrote:
> Answering my own question:
> * Don't use ScopedRunnableMethodFactory to create a task to be run on a
> different thread.
Yeah, that doesn't work. If you can think of more DCHECKs we can add
to help you figure that out more quickly
Have you considered using Google Chrome Frame instead? That would let
you keep all your existing IE7 integration points but have the
rendering speed up by the factor of 10 that you cited.
Adam
On Thu, Sep 24, 2009 at 11:37 AM, Mohamed Mansour wrote:
> At work today, I talked to the CEO of my
the try script grabs these settings
>> >> > automatically
>> >> > from
>> >> > a codereview.settings file. If we start by putting this file in
>> >> > third_party\WebKit, then people who start with their patch there
>> >> &
On Tue, Sep 22, 2009 at 6:25 PM, John Abd-El-Malek wrote:
> Is this even possible? i.e. I had uploaded a WebKit patch on codereview but
> none of the patchsets got run on the try server
> http://codereview.chromium.org/178030/show
It is possible:
aba...@zenque:~/svn/kr/src/third_party/WebKit$
On Tue, Sep 22, 2009 at 6:15 PM, Dimitri Glazkov wrote:
> I think this is the key point. This is a temporary situation. The
> biggest issue is that _we_ as a team are the key aggravators of the
> issue. Let's solve it by being more diligent on the upstream side,
> because that's where we'll live
On Tue, Sep 22, 2009 at 6:06 PM, Dimitri Glazkov wrote:
> 1) if you write a Chromium patch for WebKit, you must provide URLs of
> successful trybot runs with your submission. Chromium WebKit reviewers
> will not r+ your patch otherwise. If you can't provide the trybot URLs
> for some reason, plea
On Tue, Sep 22, 2009 at 5:40 PM, Nicolas Sylvain wrote:
> If this is an issue, I am proposing that Webkit merges be done outside peak
> hours (11am-5pm pacific).
This seems backwards. Don't we want to integrate more often so we can
catch and fix these issue faster? Ideally, we'll be able to me
On Thu, Sep 17, 2009 at 5:20 PM, Adam Barth wrote:
> There's a slight race condition in making various things public.
> Basically, this is a mechanism a high-security site can use to signal
> to the browser that it would like strict handling of HTTPS errors.
> For example, when t
There's a slight race condition in making various things public.
Basically, this is a mechanism a high-security site can use to signal
to the browser that it would like strict handling of HTTPS errors.
For example, when the site opts into this features, HTTPS certificate
errors will be treated as
On Wed, Sep 16, 2009 at 9:33 AM, Marc-Antoine Ruel wrote:
> That's where in fact you need to duplicate the page; just preemptively
> taking a print preview and ignoring the rest doesn't work. The first
> thing the user will ask is to change the page setup and you need
> access to the original dat
Awesome! Thanks for doing this.
Adam
On Mon, Sep 14, 2009 at 2:11 PM, Eric Roman wrote:
>
> Note that the URL for viewing HTTP cache entries has been changed from:
> view-cache:HTTPURL
> To:
> about:cache/HTTPURL
>
> (about:cache is itself a shorter alias
> chrome://net-internals/view-cache
You can try using the --user-data-dir flag to point the test instance
of Chrome at a dedicated testing profile. That will mean the
--disable-hang-monitor instance will actually stay around.
Adam
On Thu, Sep 10, 2009 at 2:40 PM, Mike Morearty wrote:
>
> Hi,
>
> I'm a developer at Adobe, on the
On Thu, Sep 10, 2009 at 3:11 PM, Darin Fisher wrote:
> Yeah, whatever problems we have with view-net-internal, we must have with
> view-cache. Before making a change, we should understand why view-cache
> hasn't been a problem. Or, has it?
It's not as concrete as having a vulnerability or not.
On Thu, Sep 10, 2009 at 2:56 PM, Eric Roman wrote:
> In the chromium trunk builds later than r25926, there is a new info page,
> "view-net-internal:"
Can we move this to chrome://net-internal/ ? Proliferating random
schemes adds up to a security issue. The "chrome" scheme has a bunch
of mitiga
Yay! That's super awesome.
Adam
On Tue, Sep 8, 2009 at 8:50 PM, Dimitri Glazkov wrote:
>
> Dear Chromiumites and friends of the show,
>
> We now have a builder upstream that builds Chromium webkit port:
> http://build.webkit.org/waterfall (look to the very right of the
> columns).
>
> Granted,
On Tue, Sep 8, 2009 at 6:02 PM, Drew Wilson wrote:
> How will V8 bindings be handled - is it our intention that the burden of
> creating/maintaining V8 bindings will be shouldered by the WebKit community?
This will likely meet with resistance in the WebKit community.
> Or is it expected that the
Dear Mac folks:
Thanks for making Mac Chrome launch ridiculously fast. I really enjoy
that, on my laptop, the main window is painted before the dock icon
has even crested its first bounce.
Adam
--~--~-~--~~~---~--~~
Chromium Developers mailing list: chromium-dev
After some effort tuning performance, I've turned our reflective
cross-site scripting (XSS) filter back on. Please be on the lookout
for compatibility issues. The filter has been on by default in the
WebKit nightly builds for about a month, so hopefully we've flushed
out most of the false positi
On Thu, Sep 3, 2009 at 7:51 PM, Matt Perry wrote:
> "public": false,
Does that mean the default is now true? It's probably a good idea to
make the default value false here.
Adam
--~--~-~--~~~---~--~~
Chromium Developers mailing list: chromium-dev@googlegroups.co
Yay! This is fantastic!
Adam
On Wed, Aug 26, 2009 at 11:47 PM, Darin Fisher wrote:
> Thanks to bevc and nsylvain, we now have performance bots testing chromium
> with the very latest webkit code:
> http://build.chromium.org/buildbot/waterfall.fyi/waterfall?branch=&builder=XP+Perf+(webkit.org)&
Indeed. The diagram could certainly be improved. If you are
artistically inclined, I hope you'll consider improving the diagram
after you gain a solid understanding of how the components fit
together.
Adam
On Mon, Aug 24, 2009 at 12:49 PM, hap 497 wrote:
> Thanks. But the picture in the docum
You want to look at the MessageLoop and possibly RenderViewHost.
Adam
On Thu, Aug 20, 2009 at 11:27 PM, n179911 wrote:
>
> Hi,
>
> From this chromium document,
> http://sites.google.com/a/chromium.org/dev/developers/design-documents/multi-process-architecture
>
> Browser has an IO thread which
In case not everyone follows webkit-dev, bugs.webkit.org has lost the
last 17 hours of activity:
https://lists.webkit.org/pipermail/webkit-dev/2009-August/009535.html
If you made a change to WebKit's Bugzilla in the last 17 hours, you
should probably do it again.
Adam
--~--~-~--~~-
On Thu, Aug 20, 2009 at 2:42 PM, Evan Stade wrote:
> A lot of webpages highlight stuff without your input (with
> javascript). Are you sure you want a webpage to be able to clobber
> your clipboard?
In general, this is a bad idea. Imagine a web page selecting this text
cat /etc/passwd | netcat
On Thu, Aug 20, 2009 at 2:30 PM, Viet-Trung Luu wrote:
> The observant will note that these same browsers (on Mac, at least)
> allow you to select everything by clicking on the border of the location
> bar.
That's pretty cool! The target area is kind of tiny though...
Adam
--~--~-~--~-
On Thu, Aug 20, 2009 at 12:07 PM, JT Olds wrote:
> 1) on a single click to the omnibox, the cursor should be placed. The
> contents of the omnibox should not be selected.
We violate this convention on Windows too. We do this because the
most common reason to click in the omnibox is to replace i
I reverted the change because the page cycler regression appears to be
real. I'm not entirely sure how to track down the issue. Is there a
way I can run page cycler locally? The page_cycle_tests complains
that I don't have the test data...
Adam
On Wed, Aug 19, 2009 at 11:42 PM,
Tonight, in r23805, I enabled a reflective cross-site scripting (XSS)
filter for Chromium. The goal of this filter is to automatically
protect web sites from certain kinds of XSS vulnerabilities. The
filter might have some false positives (and block legitimate web site
behavior). If you see a w
Maybe we should alias about:extensions to point to chrome://extensions/ ?
Adam
On Tue, Aug 18, 2009 at 2:20 PM, Peter Kasting wrote:
> On Tue, Aug 18, 2009 at 1:32 PM, Robert Dailey wrote:
>>
>> Hello, I'm asking here and not in the chromium-discuss list because
>> I'm using the very latest CI
On Tue, Aug 18, 2009 at 5:37 AM, Evan Martin wrote:
> I think it'd be neat to somehow use git's distinction of author vs
> committer such that when you patch in a cl (with "git cl patch") it
> plumbs the rietveld-side author info into the local git commit info
> and from there into the svn commit,
On Mon, Aug 17, 2009 at 11:46 PM, PhistucK wrote:
> Also, I just noticed I cannot delete the items manually from Google Docs, it
> says they come from a read only source. This is not optimal, I want to be
> able to manipulate the things I have in my own Google Docs account, from
> within Google Do
On Sun, Aug 16, 2009 at 7:03 AM, Ben Laurie wrote:
> I see some people like to use git to work on chromium. How about
> mercurial? Has anyone tried it? Is there some reason it doesn't work
> so well?
Several members of the team are passionate about git and have worked
on the tools to make git wor
In our new core principles document we name specific technologies
(e.g., V8 and WebKit):
http://dev.chromium.org/developers/core-principles
I wonder if we should be less committed to the individual technologies
and more to our motivations for picking those technologies. If
tomorrow aliens lande
We should avoid proliferating more magical schemes. Please consider
reusing existing schemes, such as chrome-resource. If you do add
schemes, please consider registering them in
ChildProcessSecurityPolicy.
Adam
On Thu, Aug 13, 2009 at 1:26 PM, Tim Steele wrote:
>
>
> On Thu, Aug 13, 2009 at 1
Please do file these bugs. They should probably get their own tag
(SafePlugins, maybe?) and will be moved to Mstone-X because enabling
--safe-plugins by default is not a feature assigned to a specific
milestone.
Thanks!
Adam
On Tue, Aug 11, 2009 at 7:05 PM, Caleb Eggensperger wrote:
>
> I have
On Sat, Aug 8, 2009 at 12:14 PM, PhistucK wrote:
> Yeah, obviously, if you have the resources.
> And I am suggesting and requesting that, merely for testing purposes. This
> could help people test the binary up front without having to install, for
> example.
> Web developers can use it as well as
I believe Eric Seidel just fixed this bug. He can tell you more.
Adam
On Sat, Aug 8, 2009 at 10:03 AM, n179911 wrote:
>
> Hi,
>
> I am using the latest Chromium on MacOSX.
> When I go to groups.google.com, the font in the message text is always
> smaller (hard to read) than the font I see on S
On Sat, Aug 8, 2009 at 9:53 AM, PhistucK wrote:
> But this is not official, just like the timely snapshots of Chromium during
> the day.
> They are known to be unstable and, most importantly, not official.
> Why can a Chromium build, simply based on the stable branch, not be
> automatically built?
tucK wrote:
> I know you can build it by yourself, the suggestion\request here is to have
> a Chromium snapshot of each branch when it is released (an archive with
> older releases is welcome, too, but not a must have).
> Will you consider that?
> ☆PhistucK
>
>
> On Sat, Aug 8
If you want to build Chromium from the same source as the stable build
of Google Chrome, you can build from this branch:
http://src.chromium.org/viewvc/chrome/branches/172/src/
We would all love there to be a beta / stable version of Chromium for
Linux. I believe we have a team of people trying
On Fri, Aug 7, 2009 at 12:50 AM, Aaron Boodman wrote:
> We already have a contributor who has volunteered to implement
> something close to b):
> http://code.google.com/p/chromium/issues/detail?id=12465. It could
> probably be adapted to also allow executing short snippets of code in
> the page co
I don't really understand why you find Alex's message so frustrating.
We'd love to make --safe-plugins the default. One road to getting
there is having more people use the option and find the
incompatibilities. We'd certainly welcome patches that improve it's
compatibility. If we can make it wo
I'm glad to hear you've been submitting patches to the sandbox. The
tricky part about sandboxing code is you have to think of all the
malicious things the code could do to get out of the sandbox. Even if
we could reliably stop Flash from forking WinMail.exe, what's to stop
Flash from sending the
Perhaps a better default is to use this behavior when first creating a
changelist and to use the old behavior when modifying a changelist.
Adam
On Thu, Aug 6, 2009 at 12:37 AM, Dirk Pranke wrote:
>
> I also fear that I may have unwanted files sneaking in. This was less
> of an issue with Perfor
Yay! Thanks for optimizing this.
Adam
On Wed, Aug 5, 2009 at 5:56 PM, Anthony LaForge wrote:
> Howdy,
> Quick little change to gcl that everyone should be aware of. When you
> execute the script it will now automatically pull all physically modified
> files into the "Paths in this changelist"
Nope, but I've cc'ed myself. Listening to the channel should keep script alive.
Adam
On Wed, Aug 5, 2009 at 5:14 PM, Antony Sargent wrote:
> Adam, speaking of garbage collection and content scripts, have you seen
> http://crbug.com/17410?
>
> On Sun, Aug 2, 2009 at 2:17
On Sun, Aug 2, 2009 at 8:35 PM, Peter Kasting wrote:
> I commented on the duplicate this bug was merged into.
> I think there's been a lack of clarity in the request here. The problem is
> not that the text is a link; the problem is that the text is keeping its
> font, color, etc. There may be a
On Sun, Aug 2, 2009 at 2:12 AM, dwh wrote:
>
> I believe as a side-effect of this, content scripts can no longer at
> all access frames in pages (window.frames is a single frame, rather
> than a collection of them all)... I view this decidedly as a bug
> rather than feature, and cannot see a reaso
I wonder if we could use something like the plug-in sandbox for the
main browser process in the intermediate term. That way the browser
could still have HWNDs and the like.
Adam
On Wed, Jul 29, 2009 at 9:44 AM, Linus Upson wrote:
> I realize this is not a small request, but it would be better
I suspect this behavior is related to our general jankiness problem
when paging back in a sleeping tab. I believe some folks are working
on that issue, but I'm not sure who.
Adam
On Fri, Jul 24, 2009 at 11:25 AM, PhistucK wrote:
> Note that if you think the implementation will be in the tab st
These security properties are quite subtle. I would need to analysis
the feature in detail to give you a reasonable answer.
Adam
On Fri, Jul 24, 2009 at 11:01 AM, darrel karisch wrote:
>
> when I use V8IsolatedWorld I cannot access the window from script, the
> value is undefined. I don't kno
There are some important WebKit changes brewing that you'll want to
pull into that branch eventually:
https://bugs.webkit.org/show_bug.cgi?id=27488
https://bugs.webkit.org/show_bug.cgi?id=27628
But they aren't quite landed yet. What's the deadline for getting
patches into the candidate?
Adam
On Wed, Jul 22, 2009 at 6:23 PM, Albert J. Wong
(王重傑) wrote:
> I also got another suggestion that on the action, I should just redo the hit
> test to retrieve the media node, which nicely handles cases where the movie
> node is getting changed out via javascript from undernearth the context
> menu
If you know what WebCore/bindings/v8/ScriptObjectQuarantine.cpp is
supposed to do, can you reply to me privately? There's some code in
there that doesn't make sense to me, and I'd like to understand what
it's trying to accomplish.
Thanks,
Adam
--~--~-~--~~~---~--~---
WebKit uses ChangeLogs for every commit and they are a royal pain,
requiring an entire suite of scripts to handle generation, merges, and
conflicts. I hope we can find a better solution.
Adam
On Tue, Jul 21, 2009 at 9:37 PM, Anthony LaForge wrote:
> In order to make it easier for the community
1 - 100 of 234 matches
Mail list logo
