On Wed, Feb 11, 2009 at 8:21 AM, Adam Barth <aba...@google.com> wrote:
> I don't see why we need an HMAC. Just keep a set of valid window IDs
> in RendererSecurityPolicy and validate the IDs as they come off the
> IPC channel.
The HMAC comment in the commit log was just gentle musing, we probably
should keep an explicit mapping of valid NativeViewId arguments. (That
way we can revoke them easily too.)
When I went round and NativeViewId'ed the renderer code I left the
plugin code and messages alone because I frankly had no idea what was
going on with them. Hopefully Dean does now ;)
AGL
--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
