[webkit-reviews] review granted: [Bug 14319] Move the Selection object out of the JS bindings : [Attachment 15210] updated patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 26 14:26:22 PDT 2007

Geoffrey Garen <ggaren at apple.com> has granted Sam Weinig <sam at webkit.org>'s
request for review:
Bug 14319: Move the Selection object out of the JS bindings

Attachment 15210: updated patch

------- Additional Comments from Geoffrey Garen <ggaren at apple.com>
+	 return "";

A different way to do this is to return String(), which gives you the null
string. I'm not sure which we want here -- null string or empty string --
though. Empty seems fine.

This patch doesn't fix the security problem, but, like I said, I don't think it
introduced the problem, either. Can you file a new bug about it?

One solution to the security problem would be to call
DOMSelection::disconnectFrame inside Window::clear. Another solution would be
to include isSafeScript checks in the JSSelection object.

More information about the webkit-reviews mailing list