On Nov 15, 2012, at 2:16 PM, Chris Evans <cev...@chromium.org> wrote:
> On Thu, Nov 15, 2012 at 11:49 AM, Geoffrey Garen <gga...@apple.com> wrote:
>
> > On Nov 14, 2012, at 3:19 PM, Chris Evans <cev...@chromium.org> wrote:
> >
> >> A first step might be to make it a platform define. For the Chromium platform we'd leave the define "on" -- there are some nice security properties we get from having the RenderObjects in their own spot. I'm happy to go into more detail if you want, but it's similar (although not identical) to the blog post linked by Brendan regarding Firefox.
> >>
> >> Not all WebKit consumers need to weigh things the same way as the Chromium port of course, but at least for us, the security win outweighs any quirks of RenderArena.
> >
> > r-
> >
> > Don't do this.
>
> Ok, no platform define for RenderArena. There's also an implicit r- on removing the thing, though, as we'd regress security(!!) and performance. Seems we're stuck with the thing.

I don't think anyone is asking for immediate removal. At the very least we'd need a way to get the same performance - this has also been clear. Your new info also highlights the security benefits, and we'd have to address that too. Perhaps as we explore ways to improve robustness against use-after-free attacks for other, non-render-tree objects, we will find a solution that would be as effective as RenderArena even for renderers.

Regards,
Maciej
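The "security properties" Chris refers to come from keeping render objects in a dedicated allocation pool: a slot freed by a render object can only be recycled by another render object, so a stale render pointer never ends up aliasing content-controlled bytes. The following is an added illustration of that idea, written for this thread; it is not WebKit's RenderArena code, and `TypedArena`, `RenderNode` and `TextBuffer` are constructed stand-ins chosen only to show the difference between a segregated arena and a shared pool.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// A minimal type-segregated arena: fixed-size slots threaded on a free list,
// handed out to one family of objects only. Illustration of the idea behind
// a dedicated render-object arena; not WebKit's RenderArena.
class TypedArena {
public:
    TypedArena(size_t slotSize, size_t slotCount)
        : slotSize_(slotSize), storage_(slotSize * slotCount), freeList_(nullptr) {
        // Thread every slot onto the free list (a free slot stores the next pointer).
        for (size_t i = slotCount; i-- > 0;)
            deallocate(storage_.data() + i * slotSize_);
    }
    void* allocate() {
        if (!freeList_) return nullptr;          // arena exhausted
        void* slot = freeList_;
        freeList_ = *static_cast<void**>(slot);  // pop the head slot
        return slot;
    }
    void deallocate(void* p) {
        *static_cast<void**>(p) = freeList_;     // push; the slot stays inside this arena
        freeList_ = p;
    }
    bool owns(const void* p) const {
        uintptr_t a = reinterpret_cast<uintptr_t>(p);
        uintptr_t lo = reinterpret_cast<uintptr_t>(storage_.data());
        return a >= lo && a < lo + storage_.size();
    }
private:
    size_t slotSize_;
    std::vector<uint8_t> storage_;
    void* freeList_;
};

// Two object families of identical size (constructed stand-ins): a render-tree
// node and a byte buffer whose contents page content could influence.
struct RenderNode { void* parent; void* firstChild; uint32_t style; uint32_t flags; };
struct TextBuffer { uint8_t bytes[sizeof(RenderNode)]; };

// Render nodes get their own arena; buffers come from a separate pool. After a
// node is freed, the only thing that can land in its slot is another render
// node, so a dangling RenderNode* never points at buffer contents.
bool arenaKeepsFamiliesApart() {
    TypedArena renderArena(sizeof(RenderNode), 4);
    TypedArena bufferPool(sizeof(TextBuffer), 4);
    void* node = renderArena.allocate();
    renderArena.deallocate(node);                 // node is now dangling
    void* buf = bufferPool.allocate();            // same size, different family
    void* node2 = renderArena.allocate();         // slot recycled for a render node
    return !renderArena.owns(buf) && node2 == node;
}

// Same sequence with one shared pool: the freed render slot is handed straight
// to the byte buffer. This is the reuse pattern the segregated arena rules out.
bool sharedPoolMixesFamilies() {
    TypedArena shared(sizeof(RenderNode), 4);
    void* node = shared.allocate();
    shared.deallocate(node);
    void* buf = shared.allocate();
    return buf == node;
}
```

The segregation does not remove the use-after-free itself; it limits what the stale pointer can see, which is the robustness gain Maciej's reply weighs against the cost of keeping a separate allocator.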
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-dev