Please consider the impact of IPC messages triggered from JS APIs


Ehsan Akhgari

Jul 4, 2018, 3:31:14 PM
to dev-pl...@lists.mozilla.org
Hi everyone,

This is a quick note to remind you of the adverse effects of IPC messages
that can be sent from the content process to the parent process, especially
from APIs accessible to web content JavaScript.

Let's say you have a JS callable function foo() which sends the IPC message
MsgBar to the parent process for further processing each time it is
called. This will make it possible for an abusive or poorly written page
to spam the parent process with a lot of MsgBar messages if the page does
something like:

    while (true)
      foo();

Such a page can interfere with the slow script notification being displayed
and interacted with in the parent process, which is quite bad, and that
problem may exacerbate the issue of the long-running JS running in the
content process as the user may be unable to stop it.

This came up earlier today in
https://bugzilla.mozilla.org/show_bug.cgi?id=1438214, and I decided to send
a note about the problem so that people can consider coalescing such
messages when the calls to foo() happen too frequently when writing new
code.

Thanks,
--
Ehsan
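
One way to coalesce such messages on the content-process side, as an added example that is not part of the original post and is not Gecko code. The `MsgBarCoalescer` class, the `MsgBar` payload struct, the 100 ms interval and the simulated clock are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <functional>
#include <utility>
#include <vector>
// Hypothetical payload; real Gecko messages are declared in IPDL.
struct MsgBar { int value; };
// Content-process side: forwards at most one MsgBar per interval and keeps
// only the newest unsent one, so a tight loop cannot flood the parent.
class MsgBarCoalescer {
 public:
  using SendFn = std::function<void(const MsgBar&)>;
  MsgBarCoalescer(uint64_t aMinIntervalMs, SendFn aSend)
      : mMinIntervalMs(aMinIntervalMs), mSend(std::move(aSend)) {}

  // Called by the implementation of foo(); aNowMs is a monotonic clock.
  void Notify(const MsgBar& aMsg, uint64_t aNowMs) {
    if (!mHasSent || aNowMs - mLastSendMs >= mMinIntervalMs) {
      Send(aMsg, aNowMs);
    } else {
      mPending = aMsg;  // newer state replaces the older unsent one
      mHasPending = true;
    }
  }

  // Called from a timer so the final state still reaches the parent.
  void Flush(uint64_t aNowMs) {
    bool due = aNowMs - mLastSendMs >= mMinIntervalMs;
    if (mHasPending && due) Send(mPending, aNowMs);
  }
 private:
  void Send(const MsgBar& aMsg, uint64_t aNowMs) {
    mHasSent = true;
    mHasPending = false;
    mLastSendMs = aNowMs;
    mSend(aMsg);  // the only place a message crosses the process boundary
  }
  uint64_t mMinIntervalMs, mLastSendMs = 0;
  SendFn mSend;
  MsgBar mPending{0};
  bool mHasSent = false, mHasPending = false;
};

// Constructed workload: 100000 foo() calls over 250 ms of simulated time.
std::vector<int> SimulateSpam() {
  std::vector<int> sent;  // values that would have reached the parent
  MsgBarCoalescer c(100, [&sent](const MsgBar& m) { sent.push_back(m.value); });
  for (int i = 0; i < 100000; ++i) c.Notify(MsgBar{i}, i / 400);
  c.Flush(300);
  return sent;
}
```

This shape only fits messages where the newest state supersedes older ones; messages that must each be delivered need batching or a rate limit instead.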