[webkit-reviews] review granted: [Bug 14319] Move the Selection
object out of the JS bindings : [Attachment 15210] updated patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 26 14:26:22 PDT 2007
Geoffrey Garen <ggaren at apple.com> has granted Sam Weinig <sam at webkit.org>'s
request for review:
Bug 14319: Move the Selection object out of the JS bindings
http://bugs.webkit.org/show_bug.cgi?id=14319
Attachment 15210: updated patch
http://bugs.webkit.org/attachment.cgi?id=15210&action=edit
------- Additional Comments from Geoffrey Garen <ggaren at apple.com>
+ return "";
A different way to do this is to return String(), which gives you the null
string. I'm not sure which we want here -- null string or empty string --
though. Empty seems fine.
This patch doesn't fix the security problem, but, like I said, I don't think it
introduced the problem, either. Can you file a new bug about it?
One solution to the security problem would be to call
DOMSelection::disconnectFrame inside Window::clear. Another solution would be
to include isSafeScript checks in the JSSelection object.
More information about the webkit-reviews
mailing list