[webkit-qt] API review, comments needed!

Simon Hausmann simon.hausmann at nokia.com
Mon Mar 22 09:21:01 PDT 2010


On Monday 22 March 2010 Hansen Kent (Nokia-D-Qt/Oslo), wrote:
> Hausmann Simon (Nokia-D-Qt/Oslo) wrote:
> > QWebSettings:
> [...]
> 
> >    * Should it be XSSAudit_ing_Enabled?
> 
> Does anyone have an opinion on the name (Robert)?
> I suppose it's called XSSAuditor because that's how it's called in the
> internal API. But "auditing" is the feature, "auditor" is the component
> that provides the feature, right? Which is why it's called
> AcceleratedCompositingEnabled and not AcceleratedCompositorEnabled.
> But I'd like to hear at least one "yay" or "nay" whether to change the
> name.

Other names include "XSS filter" or "Reflective XSS protection":

http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html

I can see that in the Chromium API it's also called the "XSS Auditor", but I 
agree that "XSSAuditing" sounds more consistent next to say 
"AcceleratedCompositing" instead of "Compositor".

Adam, are there any public docs for the auditing feature that we could point 
to from the docs and try to be consistent with in terms of the naming?

Or is "XSS Filter" or "XSS Filtering" a better name?


Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.webkit.org/pipermail/webkit-qt/attachments/20100322/a694d3ef/attachment.bin>


More information about the webkit-qt mailing list