On Wed, Feb 11, 2009 at 6:51 AM, Dean McNamee <de...@chromium.org> wrote: > In some of these cases, we are probably just using the HWND out of > convenience so we don't have to keep state.
Yes--we also in some cases use the HWND's "user data" to hang state off of so that we don't have to track it over the window's lifetime. test_shell, for example, originally used this to associate an instance of TestShell with a window (which I replaced with a map when we brought it up on the Mac). > I'm thinking maybe the best solution is along the lines of Adam's > idea. Basically some opaque 64-bit (or bigger) ID that we can pass to > the renderer and have it pass back. This ID will encapsulate a > NativeViewId, along with security privileges. This could be > implemented all in the ID, along with an HMAC to make sure it's not > tampered with. It could also be an ID into a state table, much like > how securable HANDLE objects work on Windows. The HMAC implementation > is probably the easiest. > > I have no idea what the situation is like on Mac. The situation on the Mac is very similar to what you've described for Gtk. There is a system-wide window ID for each window, but it's not visible or usable to most APIs; the most useful native window reference is a per-process object pointer. I like the idea of wrapping an index/ID in an opaque wrapper that can be passed back and forth over IPC, though I also don't mind the idea of tracking state on the browser side to make tamper detection easier or even moot. It seems like there would be very few places where the browser would need the renderer to track a window reference. > This is going to effect us immediately, as we're pulling up > multiprocess Linux. So I think it should be a priority to figure this > out soon. Same for the Mac, so agreed. --Amanda --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---