Re: Security concern with URL bar

2008-09-07 Thread Adam Barth
Thanks for bring up this issue. We're tracking this at: http://code.google.com/p/chromium/issues/detail?id=1647 Adam On Sat, Sep 6, 2008 at 8:27 PM, John Steenbruggen [EMAIL PROTECTED] wrote: The URL bar completion and search feature of the Chrome causes the full typed URL to be send to

[chromium-dev] Re: Unit tests for x509_certificate

2008-09-18 Thread Adam Barth
I'm happy to review changelists as well as I'm partly to blame for the lack of unit tests. Adam On Thu, Sep 18, 2008 at 12:47 PM, Wan-Teh Chang [EMAIL PROTECTED] wrote: On Thu, Sep 18, 2008 at 11:32 AM, Avi Drissman [EMAIL PROTECTED] wrote: I'm going to land some preliminary work on the

[chromium-dev] Re: Design of x509_certificate

2008-09-22 Thread Adam Barth
I don't quite understand your question. Clients of X509Certificate should be oblivious of the cache. A client obtains a pointer to a certificate via the factory method and stores the pointer in a scoped_refptr. Once the client is done with the cert, the scoped_refptr is destructed, which

[chromium-dev] Re: Proposal: Chrome Development for Corporate/Professional Windows Developers

2008-09-27 Thread Adam Barth
On Sat, Sep 27, 2008 at 5:01 PM, HLS [EMAIL PROTECTED] wrote: - Not Create sequenced files I would prefer not to create sequential files as well. What alternate behavior do you propose if the user already has a file by the given name? Thanks, Adam

[chromium-dev] Re: Proposal: [base] Thread collision class assert

2008-10-02 Thread Adam Barth
Can you describe a use-case that is missing from NonThreadSafe? NonThreadSafe has already found lots of race conditions for us. I'm definitely interested in ways to improve it. also in case of release mode NonThreadSafe is not removed entirely from code. Why is that? The optimizer should

[chromium-dev] Re: Autofill design document

2008-10-14 Thread Adam Barth
What about forms created after WebFrameLoaderClient::dispatchDidFinishDocumentLoad? For example, if you click the reply button on Gmail? Seems like you're better off hooking the focusing of input elements... Adam On Tue, Oct 14, 2008 at 2:58 PM, Peterson Trethewey [EMAIL PROTECTED] wrote:

[chromium-dev] UI proposal: Open link in new foreground tab

2008-12-07 Thread Adam Barth
== Overview == We should add a Open link in foreground tab menu item to the context menu for hyperlinks. == Use Cases == There are two main use cases for opening a link in a new tab: 1) Breath-first: You're viewing the Digg home page and you'd like to open up a number of articles to read.

[chromium-dev] Re: bookmark menu

2008-12-15 Thread Adam Barth
I wonder if it would make sense to reuse the existing star button for something like this. The behavior could be similar to the back button in that clicking is different from clicking-and-holding / clicking-and-dragging. Adam On Mon, Dec 15, 2008 at 4:50 PM, Darren Horrocks

[chromium-dev] Re: Trunk build's biggest annoyances?

2008-12-15 Thread Adam Barth
I'm not sure what the policy is for making up labels on the bug tracker, but I labeled these bugs SuperAnnoying. I filed and labeled another bug (space bar doesn't scroll window). Either my bug search skills suck or not that many people are dogfooding trunk. How can it be that no one noticed

[chromium-dev] Re: list of webkit committers?

2008-12-16 Thread Adam Barth
I can land a swath of these on Wednesday. On Tue, Dec 16, 2008 at 1:52 PM, Darin Fisher da...@chromium.org wrote: Here's the list IIRC: abarth brettw darin eseidel pamg pkasting With the following folks on deck: dglazkov mpcomplete tc http://nightly.webkit.org/start has a link to the

[chromium-dev] Re: code style verification/formatting tool

2008-12-16 Thread Adam Barth
Awesome! Thanks John. Trailing whitespace be gone! On Tue, Dec 16, 2008 at 8:16 PM, John Abd-El-Malek j...@chromium.org wrote: Just a heads-up that I've integrated the script into our Rietveld instance. If you use gcl, it will ping the server at a special url after a patchset upload so

[chromium-dev] Re: Extensions and profiles

2008-12-17 Thread Adam Barth
Keep in mind that some users will use a high-security profile for online banking and a low-security profile for reading blogs. I might decide that I like a certain extension enough to install it in my low-security profile, but that doesn't mean I like it enough to install it in my high-security

[chromium-dev] Re: Flakiness in net_unittests on Mac Debug

2008-12-23 Thread Adam Barth
I wrote this test recently. Let me know if I can be of any assistance. Adam On Tue, Dec 23, 2008 at 8:46 AM, Avi Drissman a...@google.com wrote: The net_unittests started being flaky due to hitting a check in message_pump_libevent: [ RUN ] URLRequestTest.Post307RedirectPost

[chromium-dev] Re: webkit/port is moving into third_party/WebKit/WebCore

2008-12-23 Thread Adam Barth
I'm confused. I need to fix a bug in ImageSourceSkia.cpp, but I can't find it http://src.chromium.org/viewvc/chrome/trunk/src/webkit/port/platform/graphics/ or http://trac.webkit.org/browser/trunk/WebCore/platform/graphics Where did it go? Adam On Mon, Dec 22, 2008 at 8:42 PM, Darin

[chromium-dev] Re: What WebKit goodies do we get in 155?

2009-01-05 Thread Adam Barth
If 155 is coming off of trunk, it has postMessage(), which is exciting for us security wonks. Adam On Mon, Jan 5, 2009 at 9:30 PM, Mark Larson (Google) m...@chromium.org wrote: I'm working on release notes for 155. The big addition in 155 (vs the 154 code we've been releasing) is the WebKit

[chromium-dev] Re: Is Chrome App-Mode discoverable?

2009-01-13 Thread Adam Barth
Please don't add non-standard names to the global scope. We should bring this up in whatwg to coordinate with Mozilla and Apple who have similar app modes. Adam On Tue, Jan 13, 2009 at 9:41 AM, Dmitry Titov dim...@chromium.org wrote: +1 to a non-bool It should be on window rather then on

[chromium-dev] Re: checkdeps failure when a unit test relies on v8.h

2009-02-17 Thread Adam Barth
It's a reasonable size attack surface that we don't need. It's analogous to our decoding favicons in the renderer for security. Adam On Tue, Feb 17, 2009 at 10:17 AM, Darin Fisher da...@chromium.org wrote: That sounds like a lot of overhead and a lot of costly plumbing to me. Is it really

[chromium-dev] Re: checkdeps failure when a unit test relies on v8.h

2009-02-17 Thread Adam Barth
No one else has a sandbox for their JavaScript engine. ACE in their JS engine is game over. Adam On Tue, Feb 17, 2009 at 9:42 PM, Darin Fisher da...@chromium.org wrote: I wonder why this hasn't gotten much attention in other browsers... -Darin On Tue, Feb 17, 2009 at 1:42 PM, Adam Barth

[chromium-dev] Re: staying on top of layout tests

2009-02-19 Thread Adam Barth
On Thu, Feb 19, 2009 at 3:37 PM, Ojan Vafai o...@google.com wrote: Seem reasonable? Sounds fine to me. Adam --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe:

[chromium-dev] Re: Thoughts on copy/paste

2009-03-09 Thread Adam Barth
for WinChromium but it isn't an option for the Mac version if we want to use system menus. (And no, that wasn't an opening for anyone to say that we shouldn't use the system menus on the Mac...) Avi On Mon, Mar 9, 2009 at 4:31 PM, Adam Barth aba...@chromium.org wrote: I think we should show the menu

[chromium-dev] Re: Thoughts on copy/paste

2009-03-10 Thread Adam Barth
On Tue, Mar 10, 2009 at 7:47 AM, Avi Drissman a...@google.com wrote: And that's the question, isn't it? :) What does affect the availability of copy/paste? I'll be looking into that soon. Yep. :) In principle, almost anything can affect the copy/paste state because most things can run script

[chromium-dev] Re: Network stack roadmap

2009-03-19 Thread Adam Barth
PhistucK, Thanks for your input, but the interstitial is handled at a different layer in the browser than the new network stack (chrome/browser versus net/http). Adam 2009/3/18 PhistucK phist...@gmail.com: One more thing, is issue 2010, which discusses the option not to show the

[chromium-dev] Re: Top level browsing contexts and processes

2009-03-20 Thread Adam Barth
In the long term, we do plan to support out-of-process iframes, but you shouldn't let this constrain our sessionStorage implementation. Adam On Fri, Mar 20, 2009 at 10:23 AM, Jeremy Orlow jor...@google.com wrote: Are there any plans (long term or short) to render stuff like iframes with a

[chromium-dev] Re: Setting Default Search Engine

2009-03-20 Thread Adam Barth
Yeah, this great works in Chrome. Head over to http://mycroft.mozdev.org/search-engines.html and try adding any of the OpenSearch search engines (with the A9 logos). Adam On Fri, Mar 20, 2009 at 2:19 PM, Meok meok...@gmail.com wrote: I'm not talking about tricking someone into setting a

[chromium-dev] Re: Disabling This type of file can harm your computer

2009-03-25 Thread Adam Barth
It's important to have this discussion, but we should be having it in the bug tracker instead of on chromium-dev. Thanks, Adam On Wed, Mar 25, 2009 at 11:22 AM, Robert Dailey rcdai...@gmail.com wrote: First of all, I'm using Chrome 2.0.171.0 I have been unable to find a way to disable the

[chromium-dev] Re: Compiling browser without compiling unit tests?

2009-03-31 Thread Adam Barth
Set chrome_exe as your startup project and press F5! Adam On Tue, Mar 31, 2009 at 12:14 PM, QAH qah...@gmail.com wrote: Hello everyone! I got google chrome to compile, but there were lots of errors given to me with the unit tests. The browser can still run without the tests, so how can I

[chromium-dev] Re: Compiling browser without compiling unit tests?

2009-03-31 Thread Adam Barth
On Tue, Mar 31, 2009 at 12:42 PM, Finnur Thorarinsson fin...@chromium.org wrote: It's not that simple. I think something fishy is going on with our project dependencies or something. Oh, interesting. This has worked for me in the past. (My machine is really slow and I often skip compiling

[chromium-dev] Re: Parallel Compiling

2009-03-31 Thread Adam Barth
You could try using IncrediBuild: http://www.xoreax.com/ Adam On Tue, Mar 31, 2009 at 2:08 PM, QAH qah...@gmail.com wrote: I have 3 computers (2 desktops and 1 laptop). Is there a way I can compile Google Chrome simultaneously on these computers so that the compile time will be faster?

[chromium-dev] Re: media uri use default video tag

2009-04-06 Thread Adam Barth
Most of the work to make this happen will take place in WebKit (see, for example, how images and the like are handled). You might want to file this as a feature request at bugs.webkit.org. Adam On Mon, Apr 6, 2009 at 1:56 PM, Evan Martin e...@chromium.org wrote: Patches welcome.  :P On

[chromium-dev] Re: [linux] GTK and multi-threading

2009-04-10 Thread Adam Barth
Option (b) is better, as far as I can tell. On windows, those messages have their own HWND anyway. Adam On Fri, Apr 10, 2009 at 1:15 PM, Ricardo Vargas rvar...@chromium.org wrote: I opened bug 7379 a while ago to implement option b on the windows side. On Fri, Apr 10, 2009 at 1:03 PM,

[chromium-dev] Re: question on profiles ChromeThread

2009-04-11 Thread Adam Barth
Oops. Wrong address. See below: On Sat, Apr 11, 2009 at 3:47 PM, Adam Barth abarth@ wrote: That sound fine.  The other option is to make the history thread not well-known (i.e., take away its ChromeThread::HISTORY name).  Is there a reason to have N history threads with N profiles? Adam

[chromium-dev] Re: Remove svn from deps/third_party?

2009-04-22 Thread Adam Barth
Sounds good to me. (Although if I had my way, we'd check the entire toolchain into SVN, gcc and all.) Adam On Wed, Apr 22, 2009 at 9:58 PM, Mark Larson (Google) m...@chromium.org wrote: I filed http://bugs.chromium.org/10872 for this... From src/chrome/tools/build/win/version.bat: ::

[chromium-dev] Re: Extracting Views, creating app/

2009-04-25 Thread Adam Barth
On Fri, Apr 24, 2009 at 11:29 PM, Ben Goodger (Google) b...@chromium.org wrote: chrome/common/clipboard_service.h I don't see the point of this class. Let's just kill it, finally. chrome/common/scoped_vector.h This file really wants to be in base. Adam

[chromium-dev] Re: Today we run zero LayoutTests in chrome

2009-04-30 Thread Adam Barth
It doesn't take much of layoutTestController to run most of the LayoutTests. At one point, I had a student implement the low hanging fruit as a Firefox extension. Adam On Thu, Apr 30, 2009 at 11:37 AM, Darin Fisher da...@chromium.org wrote: I think if we should definitely make it possible to

[chromium-dev] Re: POSIX: EINTR correctness

2009-05-01 Thread Adam Barth
On Fri, May 1, 2009 at 12:35 PM, Adam Langley a...@chromium.org wrote: On POSIX, it uses GCC magic to return the correct type based on the expression and restarts the system call if it throws EINTR. Here it is: #define HANDLE_EINTR(x) ({ \  typeof(x) ret; \  do { \    ret = x; \  } while

[chromium-dev] Re: POSIX: EINTR correctness

2009-05-01 Thread Adam Barth
There's also a problem if you write something like: HANDLE_EINTR(close(PromptUserForFileDescriptor())); Macros suck. What about something like base::close that's inline and knows how to loop? Adam On Fri, May 1, 2009 at 1:27 PM, Adam Langley a...@chromium.org wrote: On Fri, May 1, 2009 at

[chromium-dev] gfx::NativeViewId and IPC

2009-05-03 Thread Adam Barth
Currently we have a handful of renderer - browser IPC messages that contain gfx::NativeViewIds: ViewHostMsg_GetWindowRect ViewHostMsg_GetScreenInfo ViewHostMsg_GetRootWindowRect ViewHostMsg_GetRootWindowResizerRect ViewHostMsg_ScriptedPrint These make me sad because the render could ask about

[chromium-dev] Re: gfx::NativeViewId and IPC

2009-05-03 Thread Adam Barth
On Sun, May 3, 2009 at 7:50 PM, Evan Martin e...@chromium.org wrote: Look at base/gfx/gtk_native_view_id_manager -- it implements #2 for GTK. Interesting. That's similar to what I had in mind, but not quite as tight in the sense that it lets one renderer interact with view_ids from another

[chromium-dev] Re: gfx::NativeViewId and IPC

2009-05-04 Thread Adam Barth
by the RendererSecurityPolicy to store security bits associated with the render view so that we don't need to have two maps. I am already close to eliminating the NativeViewID parameters in the WebKit API. -Darin On Sun, May 3, 2009 at 7:14 PM, Adam Barth aba...@chromium.org wrote: Currently we have a handful

[chromium-dev] Re: gfx::NativeViewId and IPC

2009-05-04 Thread Adam Barth
an untrusted parameter as an HWND. --Amanda On Sun, May 3, 2009 at 10:14 PM, Adam Barth aba...@chromium.org wrote: Currently we have a handful of renderer - browser IPC messages that contain gfx::NativeViewIds: ViewHostMsg_GetWindowRect ViewHostMsg_GetScreenInfo

[chromium-dev] Re: Does chrome has an add-on preference system?

2009-05-06 Thread Adam Barth
We should be careful about adding non-standard APIs to the Web platform. If we want to make this available to every Web site, we should first standardized the API through W3C. Adam 2009/5/6 Jeremy Orlow jor...@google.com: The JavaScript bindings are (mostly) generated from .idl files found

[chromium-dev] Re: Does chrome has an add-on preference system?

2009-05-06 Thread Adam Barth
Maybe the thing to do is to have some kind of WebKit namespace for experimental JavaScript APIs, in the same way there is -webkit-border-radius for CSS. Something like: window.onIdleWebKit or window.onIdleWK Adam On Wed, May 6, 2009 at 1:07 PM, Aaron Boodman a...@chromium.org wrote: On

[chromium-dev] Re: Request for comments: Feed preview work

2009-05-06 Thread Adam Barth
I think Darin had some strong opinions about whether we should do nested schemes like feed-view:http://foo.com/bar. From a security point of view, we'd ideally like to render feeds with JavaScript and plug-ins disabled, as well as in a noAccess SecurityOrigin. This is easier if the feed preview

[chromium-dev] Re: Request for comments: Feed preview work

2009-05-06 Thread Adam Barth
that the authority of such an URL is actually foo.com. (However, we could perhaps support this as we do view-source, where WebKit never actually sees the view-source URL.) -Darin On Wed, May 6, 2009 at 6:56 PM, Adam Barth aba...@chromium.org wrote: I think Darin had some strong opinions about whether

[chromium-dev] Re: Request for comments: Feed preview work

2009-05-06 Thread Adam Barth
On Wed, May 6, 2009 at 8:45 PM, Mike Beltzner beltz...@mozilla.com wrote: FWIW, Firefox has had several security issues crop up with the mixed-content feed preview implementation. Placing privileged controls so close to web content should be avoided, IMO, if you want to keep this from being a

[chromium-dev] Re: Implementing an onidle event (and the Linux implications)

2009-05-07 Thread Adam Barth
I'd encourage you to implement it for extensions first. It seems really useful for queuing up notifications, etc. Adam 2009/5/7 PhistucK phist...@gmail.com: (Creating a new thread for it.) So, I started looking into it. And as you wrote, in order to implement this function for all of the

[chromium-dev] Re: [extensions] content-type

2009-05-07 Thread Adam Barth
On Thu, May 7, 2009 at 3:55 PM, Aaron Boodman a...@chromium.org wrote: On Thu, May 7, 2009 at 3:52 PM, Evan Martin e...@chromium.org wrote: Options here (I can't tell if you're suggesting #2 or #3): 1) filename extension only (what I'm suggesting) 2) require both filename extension and

[chromium-dev] Re: [extensions] content-type

2009-05-07 Thread Adam Barth
On Thu, May 7, 2009 at 4:17 PM, Aaron Boodman a...@chromium.org wrote: Ok, thanks for the recommendation. Currently the magic string is Cr24. Not enough characters? I suggested the above to be analogous to HTML5's appcache manifests:

[chromium-dev] Re: [extensions] content-type

2009-05-08 Thread Adam Barth
On Thu, May 7, 2009 at 9:12 PM, Aaron Boodman a...@chromium.org wrote: Just to clarify, you understand we're talking about a binary package here, right? Not a text file. Oh, I didn't realize that, but I'm not sure it makes much of a difference. Chrome extensions are distributed in what are

[chromium-dev] Severity Guidelines for Security Issues

2009-05-08 Thread Adam Barth
Recently some folks have asked how we decide what severity to rate each security vulnerability. Thus far, we've mostly been using an informal process, but it seemed like a good idea to spell out our policy publicly. Below is a draft of some guidelines for assigning severities to security

[chromium-dev] Re: Severity Guidelines for Security Issues

2009-05-08 Thread Adam Barth
. sandbox limits - sandbox is designed to limit. (Lawyers are rubbing off on me.) 2009/5/7 Adam Barth aba...@chromium.org Recently some folks have asked how we decide what severity to rate each security vulnerability.  Thus far, we've mostly been using an informal process, but it seemed like

[chromium-dev] Re: [extensions] content-type

2009-05-11 Thread Adam Barth
2009/5/11 Nick Baum nickb...@chromium.org: I'd like to avoid the An unknown party wishes to install an extension. phrasing. It's scary and I don't think this actually helps the users make a decision (and often this will happen in legitimate cases where the developers simply can't set the

[chromium-dev] Re: [extensions] content-type

2009-05-11 Thread Adam Barth
On Mon, May 11, 2009 at 12:02 PM, Aaron Boodman a...@chromium.org wrote: On Mon, May 11, 2009 at 11:59 AM, Darin Fisher da...@chromium.org wrote: We should use the same messaging that we use for downloaded executables.  Or, at least we should not make downloaded extensions seem less scary

[chromium-dev] Re: CIA-bot on #chromium?

2009-05-12 Thread Adam Barth
On Tue, May 12, 2009 at 11:49 AM, Peter Kasting pkast...@chromium.org wrote: On Mon, May 11, 2009 at 6:35 PM, Adam Barth aba...@chromium.org wrote: One feature of #webkit that I find useful is that every commit is summarized by the CIA-bot. http://cia.vc/ Funny, that's a feature I find

[chromium-dev] Re: Severity Guidelines for Security Issues

2009-05-12 Thread Adam Barth
Thanks for all your comments. The guidelines are now posted at: http://dev.chromium.org/developers/severity-guidelines Adam On Thu, May 7, 2009 at 11:41 PM, Adam Barth aba...@chromium.org wrote: Recently some folks have asked how we decide what severity to rate each security vulnerability

[chromium-dev] Re: Should the header file sentries contain double underscores?

2009-05-12 Thread Adam Barth
We're following Google Style: http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml Adam On Tue, May 12, 2009 at 9:29 PM, Benjamin ice...@gmail.com wrote: What is the point of a single trailing underscore?  Wouldn't it make more sense to match webkit and have no trailing

[chromium-dev] GYP is great

2009-05-14 Thread Adam Barth
I know there has been some amount of pain transitioning over to GYP, but I, for one, really appreciate it. I've been wanting to reorganize some of the SSL UI code for a while now but I've been scared of screwing up the Mac and Linux builds. GYP lets me hack without breaking other build systems.

[chromium-dev] Re: Run-Time Check Failures

2009-05-16 Thread Adam Barth
When I've seen this before, I've needed to do a clobber build. Adam On Wed, May 13, 2009 at 5:21 PM, John Gregg john...@google.com wrote: I'm synced to 16009 (which is the latest good change according to http://build.chromium.org/buildbot/continuous/LATEST/REVISION), and I got everything

[chromium-dev] Re: how can i make sure i have the Exact copy as the trunk ?

2009-05-17 Thread Adam Barth
On Sun, May 17, 2009 at 8:11 AM, nakro yoav.zilberb...@gmail.com wrote: i am now playing with the source code of chrome, and doing tests i did not find a way to say show me which files i have that are different Try gcl opened or svn status. If you want to see how they files are different,

[chromium-dev] Re: how can i make sure i have the Exact copy as the trunk ?

2009-05-17 Thread Adam Barth
You need to go to deeper levels of the directory hierarchy to get to the SVN working copies that make up your chrome checkout. For example, go into src/chrome and try svn revert. Adam On Sun, May 17, 2009 at 8:41 AM, nakro yoav.zilberb...@gmail.com wrote: Try svn revert. i will try the

[chromium-dev] Re: Tweaking DownloadManager

2009-05-22 Thread Adam Barth
In general, we prefer message passing to locking. You might consider posting a task back to the original thread to notify the download item about whether the shell execute succeeded. Adam On Fri, May 22, 2009 at 6:47 PM, Yuta Kitamura yu...@google.com wrote: Hi all, I've been researching on

[chromium-dev] Re: Is there any way to profile chromium on MacOS?

2009-05-24 Thread Adam Barth
I'm not sure if we have anything exposed through the UI yet. Folks are working on instrumenting WebCore in the right places to be able to measure this. I looked around a bit for the bugs.webkit.org bug, but I couldn't lay my hands on it. Adam On Sat, May 23, 2009 at 12:53 AM, lucius

[chromium-dev] Re: How to get a pointer/reference to HTML Document from a pointer to WebView

2009-05-31 Thread Adam Barth
I don't think you can do that. That would violate the abstraction of the WebKit API. What are you trying to do? There might be another way to accomplish your goal. Adam On Sat, May 30, 2009 at 11:21 PM, Daniel Dreiberg daniel.dreiber...@gmail.com wrote: Hi, If I have a pointer to WebView,

[chromium-dev] Re: Buildbot is failing, I don't know what to do.

2009-06-02 Thread Adam Barth
We're working through this on #chromium Adam On Tue, Jun 2, 2009 at 7:29 PM, Mohamed Mansour m0.interact...@gmail.com wrote: Hi, I was landing a patch right now, and I am getting all these weird errors. C:\b\slave\sub-dbg-xp\build\src\net\http\http_auth_handler_ntlm.cc : warning C4005:

[chromium-dev] V8DOMMap

2009-06-03 Thread Adam Barth
Who's a good contact for V8DOMMap? It's probably going to need some surgery to support isolated user scripts, and I want to make sure I'm not screwing it up. Thanks, Adam --~--~-~--~~~---~--~~ Chromium Developers mailing list: chromium-dev@googlegroups.com View

[chromium-dev] Re: V8DOMMap

2009-06-04 Thread Adam Barth
On Thu, Jun 4, 2009 at 10:36 AM, Mike Belshe mbel...@google.com wrote: On Thu, Jun 4, 2009 at 10:33 AM, Aaron Boodman a...@chromium.org wrote: You mean the idea in general won't work well, or this particular approach? I talked it over with Feng awhile ago, and he seemed to think the general

[chromium-dev] Re: What is the best way to get document location from an NPAPI plugin?

2009-06-08 Thread Adam Barth
This turns out to be very trick to do securely. I recommend studying how Flash does this and doing *precisely* the same thing. Adam On Sun, Jun 7, 2009 at 10:57 PM, vijaytec...@gmail.com wrote: Preferably a browser-independent way would be great. Thanks in advance, Vijay

[chromium-dev] Re: What is the best way to get document location from an NPAPI plugin?

2009-06-09 Thread Adam Barth
Flash does something similar, but not *precisely* the same. I stand by my statement that the below is insecure. Adam On Mon, Jun 8, 2009 at 8:08 PM, John Abd-El-Malekj...@chromium.org wrote: BTW this is how Flash does it. On Mon, Jun 8, 2009 at 7:47 PM, Adam Barth aba...@chromium.org wrote

[chromium-dev] Re: What is the best way to get document location from an NPAPI plugin?

2009-06-09 Thread Adam Barth
I observed by looking at their NPN calls. On Tue, Jun 9, 2009 at 5:23 PM, Adam Barth aba...@chromium.org wrote: Here's a demo of an attack that works in Chrome: http://webblaze.org/abarth/tests/document-location/ Flash does something similar, but not *precisely* what Vijay proposed

[chromium-dev] Re: throwError() in V8 bindings

2009-06-10 Thread Adam Barth
Maybe it would be worth sweeping through the whole bindings and fixing all obvious instances of this. Otherwise the bad idiom will continue to spread like moss. I'm happy to review the change (either @chromium.org or @webkit.org). Adam On Wed, Jun 10, 2009 at 10:20 AM, Drew

[chromium-dev] Re: Developing Chrome using tip-of-tree WebKit

2009-06-16 Thread Adam Barth
Has anyone actually gotten this to work? I'm having trouble with line endings. It looks like my webkit.org checkout got converted to using CR LF line endings, but WebKitTools seems to want LF line endings. Relatedly, which svn.exe should I have in my path for WebKitTools (depot_tools or

[chromium-dev] Re: Developing Chrome using tip-of-tree WebKit

2009-06-16 Thread Adam Barth
On Tue, Jun 16, 2009 at 9:55 AM, Darin Fisherda...@chromium.org wrote: On Tue, Jun 16, 2009 at 9:47 AM, Peter Kasting pkast...@google.com wrote: WebKit trunk checkouts only work when you only use the cygwin svn.  You must never use a depot_tools svn or you will hose your checkout. PK That's

[chromium-dev] Re: How do I deploy an NPAPI plugin over the internet from HTML ?

2009-06-26 Thread Adam Barth
On Fri, Jun 26, 2009 at 5:38 AM, Dean McNameede...@chromium.org wrote: On Fri, Jun 26, 2009 at 11:24 AM, Non-Stickkevin.ra...@ntlworld.com wrote: Before I proceed to build an independent installer, please can you advise whether or not there are any plans for Chrome to provide such a

[chromium-dev] Re: Full pass of acid3.

2009-07-04 Thread Adam Barth
On Sat, Jul 4, 2009 at 12:59 PM, Peter Kastingpkast...@google.com wrote: On Sat, Jul 4, 2009 at 9:57 AM, Ian Fette i...@chromium.org wrote: There are a few people looking at doing this safely (including part of the team in Tokyo). There are ideas on how to do this in a reasonably safe manner

[chromium-dev] Re: Store extra HTTP headers in WebHistoryItem

2009-07-06 Thread Adam Barth
On Sun, Jul 5, 2009 at 7:38 PM, Marshall Greenblattmagreenbl...@gmail.com wrote: On Sun, Jul 5, 2009 at 5:47 PM, Adam Langley a...@chromium.org wrote: On Sun, Jul 5, 2009 at 8:59 AM, Marshall Greenblattmagreenbl...@gmail.com wrote: We currently have the ability to set extra HTTP header

[chromium-dev] Re: Rewrite of DOMUI l10n strings

2009-07-08 Thread Adam Barth
Ideally we would use an existing library instead of rolling our own. One major benefit of using existing code is that all the XSS holes will have been worked out already. Adam On Wed, Jul 8, 2009 at 11:36 AM, Tony Changt...@chromium.org wrote: No objections from me-- a faster new tab page

[chromium-dev] Flying blind

2009-07-09 Thread Adam Barth
I did a WebKit DEPs roll tonight to pick up the next stage of V8Proxy cleanup and promptly lost the ability to see the buildbot: blockquote Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /buildbot/waterfall/.

[chromium-dev] Re: Flying blind

2009-07-09 Thread Adam Barth
I can see the buildbot intermittenly now, and it looks like Windows needs a clobber. Unfortunately, I don't see a way to do that on the buildbot page... :( On Thu, Jul 9, 2009 at 1:24 AM, Adam Barthaba...@chromium.org wrote: I did a WebKit DEPs roll tonight to pick up the next stage of

[chromium-dev] Re: Flying blind

2009-07-09 Thread Adam Barth
Thanks Jeremy. Adam On Thu, Jul 9, 2009 at 1:50 AM, Jeremy Orlowjor...@chromium.org wrote: I clobbered the WebKit FYI builds.  Looks like someone else beat me to the main windows builds. On Thu, Jul 9, 2009 at 1:35 AM, Adam Barth aba...@chromium.org wrote: I can see the buildbot

[chromium-dev] Re: Context::GetEntered v GetCalling v GetCurrent

2009-07-09 Thread Adam Barth
On Thu, Jul 9, 2009 at 1:04 PM, Drew Wilsonatwil...@chromium.org wrote: Hi all, I've been poking around quite a bit recently in the WebKit JS bindings/constructor code, trying to make some sense of their widespread use of the lexicalGlobalObject() - basically, it seems like looking at the

[chromium-dev] Re: Context::GetEntered v GetCalling v GetCurrent

2009-07-09 Thread Adam Barth
I support this. It look me a while to get my mind wrapped around this, especially when reading JSC / V8 bindings code side-by-side. Aligning with the JSC names would be even better. Adam On Thu, Jul 9, 2009 at 1:39 PM, Aaron Boodmana...@chromium.org wrote: I have a proposal for a rename of

Fwd: [chromium-dev] Re: Context::GetEntered v GetCalling v GetCurrent

2009-07-09 Thread Adam Barth
We already have an abstraction layer around these calls.  We can change names in V8Proxy / whatever these functions end up after V8Proxy dissolves. Adam On Thu, Jul 9, 2009 at 1:55 PM, Aaron Boodmana...@chromium.org wrote: It could be that the current names make sense if you work on v8, but

[chromium-dev] LayoutTest unexpected success

2009-07-14 Thread Adam Barth
Looking at the buildbot, there are a bunch of LayoutTests that are supposed to fail, timeout, or crash, but which actually pass. We should update our test expectations / close the cooresponding bugs. I'll do this tomorrow afternoon if no one beats me to it. Enjoy: Expected to fail, but passed

[chromium-dev] Re: LayoutTest unexpected success

2009-07-14 Thread Adam Barth
Wow, there are even more on Mac: Expected to fail, but passed (39) Adam On Tue, Jul 14, 2009 at 12:38 AM, Adam Barthaba...@chromium.org wrote: Looking at the buildbot, there are a bunch of LayoutTests that are supposed to fail, timeout, or crash, but which actually pass.  We should update

[chromium-dev] Re: LayoutTest unexpected success

2009-07-14 Thread Adam Barth
On Tue, Jul 14, 2009 at 1:28 PM, Michael Nordmanmicha...@google.com wrote: I'd leave decisions about the worker related message port tests for drew and dimich... the feature isn't fully functional yet in chrome (even if they don't crash and happen to pass and such). Seems like we should turn

[chromium-dev] Re: Hacking on WebKit is easier than ever

2009-07-15 Thread Adam Barth
On Wed, Jul 15, 2009 at 12:44 PM, Peter Kastingpkast...@chromium.org wrote: On Wed, Jul 15, 2009 at 12:39 PM, Adam Barth aba...@chromium.org wrote: Thanks to some recent work by Dimitri, Victor, and others, hacking on WebKit is now easier than ever.  If you work on WebKit and Chromium, I

[chromium-dev] Re: Hacking on WebKit is easier than ever

2009-07-15 Thread Adam Barth
On Wed, Jul 15, 2009 at 12:57 PM, Peter Kastingpkast...@chromium.org wrote: I am still confused. I recommend the experimental method. If you have trouble, we can try to figure out what's different between your setup and my setup. Adam --~--~-~--~~~---~--~~

[chromium-dev] Re: Hacking on WebKit is easier than ever

2009-07-15 Thread Adam Barth
On Wed, Jul 15, 2009 at 1:53 PM, Peter Kastingpkast...@chromium.org wrote: On Wed, Jul 15, 2009 at 1:45 PM, Adam Barth aba...@chromium.org wrote: Maybe try removing those directories from your .gclient_entries file? This fixed things.  Updated the directions.  Also noted that people should

[chromium-dev] Re: Hacking on WebKit is easier than ever

2009-07-15 Thread Adam Barth
On Wed, Jul 15, 2009 at 1:55 PM, Adam Barthaba...@chromium.org wrote: On Wed, Jul 15, 2009 at 1:53 PM, Peter Kastingpkast...@chromium.org wrote: On Wed, Jul 15, 2009 at 1:45 PM, Adam Barth aba...@chromium.org wrote: Maybe try removing those directories from your .gclient_entries file

[chromium-dev] Enabled isolation for content scripts

2009-07-16 Thread Adam Barth
Today I landed a patch that enables a security feature for extensions. Now when an extension runs a content script, that script runs in a parallel universe with the page. In its isolated world, the content script can see the page's DOM, but it can't see any of the page's JavaScript objects.

[chromium-dev] Re: novel use of v8 - CSS Scripting Layout

2009-07-17 Thread Adam Barth
The next step for your specification is to go to the W3C. CSS expressions have be a huge pain point for Internet Explorer, both in terms of security and in terms of performance. We'll want to be extremely careful before implementing a similar feature. Finally, features at this layer should go

[chromium-dev] Re: novel use of v8 - CSS Scripting Layout

2009-07-20 Thread Adam Barth
On Mon, Jul 20, 2009 at 11:04 AM, darrel karischdkari...@gmail.com wrote: using the parallel universe V8IsolatedWorld addresses the security concerns for the most part. I'm not sure this is the case. That feature was design explicitly for the extension use case. We'd have to think carefully

[chromium-dev] Re: Question about V8 bindings

2009-07-21 Thread Adam Barth
I think the way this works in general is that you create the wrapper for the derived class. You can see all the switch statements in V8DOMWrapper.cpp that try to do this for Nodes, etc. Adam On Tue, Jul 21, 2009 at 10:32 AM, Jeremy Orlowjor...@chromium.org wrote: On Tue, Jul 21, 2009 at

[chromium-dev] Anyone know ScriptObjectQuarantine.cpp?

2009-07-22 Thread Adam Barth
If you know what WebCore/bindings/v8/ScriptObjectQuarantine.cpp is supposed to do, can you reply to me privately? There's some code in there that doesn't make sense to me, and I'd like to understand what it's trying to accomplish. Thanks, Adam

[chromium-dev] Re: Knowing when a context menu is closed

2009-07-22 Thread Adam Barth
On Wed, Jul 22, 2009 at 6:23 PM, Albert J. Wong (王重傑)ajw...@chromium.org wrote: I also got another suggestion that on the action, I should just redo the hit test to retrieve the media node, which nicely handles cases where the movie node is getting changed out via javascript from undernearth

[chromium-dev] Re: Major refactorings since 21122?

2009-07-24 Thread Adam Barth
There are some important WebKit changes brewing that you'll want to pull into that branch eventually: https://bugs.webkit.org/show_bug.cgi?id=27488 https://bugs.webkit.org/show_bug.cgi?id=27628 But they aren't quite landed yet. What's the deadline for getting patches into the candidate? Adam

[chromium-dev] Re: novel use of v8 - CSS Scripting Layout

2009-07-24 Thread Adam Barth
These security properties are quite subtle. I would need to analysis the feature in detail to give you a reasonable answer. Adam On Fri, Jul 24, 2009 at 11:01 AM, darrel karischdkari...@gmail.com wrote: when I use V8IsolatedWorld I cannot access the window from script, the value is

[chromium-dev] Re: I want to fix the tab tear issues with chrome

2009-07-24 Thread Adam Barth
I suspect this behavior is related to our general jankiness problem when paging back in a sleeping tab. I believe some folks are working on that issue, but I'm not sure who. Adam On Fri, Jul 24, 2009 at 11:25 AM, PhistucKphist...@gmail.com wrote: Note that if you think the implementation

[chromium-dev] Re: Design Doc: out of process (v8) proxy resolving

2009-07-29 Thread Adam Barth
I wonder if we could use something like the plug-in sandbox for the main browser process in the intermediate term. That way the browser could still have HWNDs and the like. Adam On Wed, Jul 29, 2009 at 9:44 AM, Linus Upsonli...@google.com wrote: I realize this is not a small request, but it

[chromium-dev] Re: Copy URL as plain text instead of HTML

2009-08-02 Thread Adam Barth
On Sun, Aug 2, 2009 at 8:35 PM, Peter Kastingpkast...@google.com wrote: I commented on the duplicate this bug was merged into. I think there's been a lack of clarity in the request here.  The problem is not that the text is a link; the problem is that the text is keeping its font, color, etc.

  1   2   >