[webkit-dev] Bad Qt API?
Eric Seidel
eric at webkit.org
Wed Aug 25 11:51:33 PDT 2010
Furthermore, any loops like this:
for (RefPtr<Node> child = m_element->firstChild(); child;) {
which allow synchronous javascript execution (i.e. take an
ExceptionCode parameter) are vulnerable to crashes/security holes. :(
All of those enclose* functions use such loops. :(
-eric
On Wed, Aug 25, 2010 at 11:47 AM, Eric Seidel <eric at webkit.org> wrote:
> My comments apply to all of the enclose* APIs in that file.
>
> On Wed, Aug 25, 2010 at 11:46 AM, Eric Seidel <eric at webkit.org> wrote:
>> /*!
>> Encloses the contents of this element with the result of parsing \a markup.
>> This element becomes the child of the deepest descendant within \a markup.
>>
>> \sa encloseWith()
>> */
>> void QWebElement::encloseContentsWith(const QString &markup)
>>
>>
>> http://trac.webkit.org/browser/trunk/WebKit/qt/Api/qwebelement.cpp#L1248
>>
>> These enclose methods use at least 2 deprecated parts of parser code
>> (HTMLElement::endTagRequirement() and
>> HTMLElement::deprecatedCreateContextualFragment()).
>>
>> They're clear layering violations, and make little sense to me.
>>
>> Who wants to call this API? Can it be removed from Qt?
>>
>> -eric
>>
>
More information about the webkit-dev
mailing list