Adding diagram to IPC policy document.

Change-Id: I7acf966d74836824a76aa017311aa8fe301816bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2872442
Reviewed-by: Chris Palmer <[email protected]>
Commit-Queue: Adrian Taylor <[email protected]>
Cr-Commit-Position: refs/heads/master@{#879107}
diff --git a/docs/security/handling-messages-from-web-content.md b/docs/security/handling-messages-from-web-content.md
index d32276e..d569305 100644
--- a/docs/security/handling-messages-from-web-content.md
+++ b/docs/security/handling-messages-from-web-content.md
@@ -1,5 +1,12 @@
 # The browser process should not handle messages from web content
 
+![alt text](good-bad-ipc.png "Safe flow of IPC messages from renderer to
+browser, via reviewed APIs; together with two example unsafe flows via
+postMessage and via unreviewed APIs")
+
+(drawing source
+[here](https://docs.google.com/drawings/d/1SmqvOvLY_DnDxeJHKQRB3rACO0aVSHpyfTycV2v1P1w/edit?usp=sharing))
+
 Sometimes features are proposed in which the Chrome user interface (in the
 browser process) handles messages directly from web content (JavaScript, HTML
 etc.). For example, this could be done using the `postMessage` APIs which have
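Review bot: The added image line uses the placeholder `alt text` as its alt attribute and puts the real description ("Safe flow of IPC messages from renderer to browser, ...") in the title string, so a screen reader or a failed image load gets "alt text" while the description only shows up as a hover tooltip. Move the description into the square brackets. Because the title currently wraps across three source lines, also check that it renders as intended in the docs viewer, or put it on one line. The link text "here" for the drawing source would read better as descriptive text, for example making "drawing source" itself the link. The visible diff touches only handling-messages-from-web-content.md, so confirm that good-bad-ipc.png lands in docs/security/ in the same change, since the relative path depends on it.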