[webkit-dev] Bad Qt API?

Eric Seidel eric at webkit.org
Wed Aug 25 11:51:33 PDT 2010


Furthermore, any loops like this:

    for (RefPtr<Node> child = m_element->firstChild(); child;) {

which allow synchronous JavaScript execution (i.e. take an
ExceptionCode parameter) are vulnerable to crashes/security holes. :(

All of those enclose* functions use such loops. :(

-eric

On Wed, Aug 25, 2010 at 11:47 AM, Eric Seidel <eric at webkit.org> wrote:
> My comments apply to all of the enclose* APIs in that file.
>
> On Wed, Aug 25, 2010 at 11:46 AM, Eric Seidel <eric at webkit.org> wrote:
>> /*!
>>    Encloses the contents of this element with the result of parsing \a markup.
>>    This element becomes the child of the deepest descendant within \a markup.
>>
>>    \sa encloseWith()
>> */
>> void QWebElement::encloseContentsWith(const QString &markup)
>>
>>
>> http://trac.webkit.org/browser/trunk/WebKit/qt/Api/qwebelement.cpp#L1248
>>
>> These enclose methods use at least 2 deprecated parts of parser code
>> (HTMLElement::endTagRequirement() and
>> HTMLElement::deprecatedCreateContextualFragment()).
>>
>> They're clear layering violations, and make little sense to me.
>>
>> Who wants to call this API?  Can it be removed from Qt?
>>
>> -eric
>>
>
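An added illustration, not part of the original message or WebKit's code: a toy C++ model of the loop shape described above, where `Node`, `onInsert`, `moveNaive`, `moveSafe` and `run` are hypothetical names and `std::shared_ptr` stands in for `RefPtr`. It shows the cached-sibling loop following a node that a synchronous handler re-parented, beside a variant that snapshots the children and re-checks each parent; because `shared_ptr` keeps every node alive, the failure appears here as wrong results rather than a crash.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>
struct Node;
using Ref = std::shared_ptr<Node>;      // assumption: stand-in for RefPtr<Node>
struct Node {
    Node* parent = nullptr;
    std::vector<Ref> kids;
    std::function<void()> onInsert;     // models a synchronous script handler
    void append(Ref c) {                // re-parents c, then lets "script" run
        if (Node* p = c->parent) { auto& k = p->kids; k.erase(std::find(k.begin(), k.end(), c)); }
        c->parent = this;
        kids.push_back(c);
        if (onInsert) onInsert();
    }
};
Ref nextSibling(const Ref& n) {
    if (!n->parent) return nullptr;
    auto& k = n->parent->kids;
    auto it = std::find(k.begin(), k.end(), n);
    return (it != k.end() && it + 1 != k.end()) ? *(it + 1) : Ref();
}
// Loop shape from the message: next sibling cached, then script may run.
int moveNaive(Node& src, Node& dst) {
    int moved = 0;
    for (Ref child = src.kids.empty() ? Ref() : src.kids.front(); child; ++moved) {
        Ref next = nextSibling(child);
        dst.append(child);              // handler may re-parent `next`
        child = next;
    }
    return moved;
}
// Hardened: snapshot owning refs first, re-check the parent before each move.
int moveSafe(Node& src, Node& dst) {
    int moved = 0;
    for (const Ref& child : std::vector<Ref>(src.kids))
        if (child->parent == &src) { dst.append(child); ++moved; }
    return moved;
}
// Constructed scenario: src=[a,b,c]; on the first insert into dst, "script"
// moves b into `other` ahead of `stray`. Returns moved*10 + nodes left in src.
int run(bool safe) {
    Node src, dst, other;
    Ref a(new Node), b(new Node), c(new Node), stray(new Node);
    for (const Ref& n : {a, b, c}) src.append(n);
    bool fired = false;
    dst.onInsert = [&] { if (!fired) { fired = true; other.append(b); other.append(stray); } };
    int moved = safe ? moveSafe(src, dst) : moveNaive(src, dst);
    return moved * 10 + int(src.kids.size());
}
```

In the naive run the loop moves three nodes, including `stray`, which was never a child of `src`, and leaves `c` behind; the hardened run moves only `a` and `c`.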

