All security manager interfaces return OOM errors through OP_STATUS return values.
Clients of the security manager interfaces are expected to handle or propagate the error.
Basically called from dom, gadgets and dochand modules to check security aspects like origin checks.
OpSecurityManager singleton is created on startup by the module object.
OpSecurityUtilities::InitializeTables() is using heap memory to store tables over know intranet addresses. These tables are generated on-demand, currently only in CheckGadgetSecurity().
The rest of the heap allocations are done for storing gadget policies parsed from xml.
Very little. No known recursions.
Intranet ranges table (OpSecurityUtilities::InitializeTables()) is created on demand and not freed until exit. The size of the table is very small.
All heap memory is pointed to via the OpSecurityManager singleton in the module object and is freed by the module object on exit.
Not used at all in this module.
No tuning possible.
None.
Run widgets with various policies and javascript running cross domain scripts.
The module selftest covers a lot of the code, but you need to force OOM in order to test the OOM behaviour.
None of interest.
GadgetUrlFilter::UrlFieldAsString uses a TempBuffer object whose storage is not ever freed until Opera exits. In edge cases of very long URLs or parts of URLs, it will take up a certain amount of heap which is not made available for the rest of the time Opera exists. This buffer should probably be freed for strings above a certain length.