Hi all, I am graduate student at University of Virginia, looking to improve some security features of webkit and I am currently looking at IsolatedWorld mechanism specifically. I wish to broaden its usage to protect the webpages against embedded third-party scripts.
I have a question here: in Class DOMWrapperWorld (WebCore/bindings/js/DOMWrapperWorld.h), there are two variables: JSC::JSGlobalData* m_globalData; and HashSet<Document*> m_documentsWithWrapperCaches; Upon initialization of the script execution, the DOMWrapperWorld is later used to create a JSDOMWindowShell, which contains two variables: JSDOMWindow* m_window; and the world itself. Correct me if I am wrong, this Windowshell is later used to create ExecState variable and then passed on to JavascriptCore as script runtime environment. I want to know where does the javascript document tree object of the webpage resides in. Clearly the DOMWrapperWorld has a hashmap variable of document class, however I don't see there is any code touching that variable. In other words, when the browser encounters a script like "var a = 10;", where does the browser stores this variable? I assume it's gonna store it in one of the abovementioned data structures... Many thanks in advance, Best, 2010-08-24 Yuchen Zhou Graduate student pursuing PhD degree Computer Engineering Department University of Virginia
_______________________________________________ webkit-qt mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-qt
