[webkit-reviews] review granted: [Bug 21705] Implement Web Workers client-side API : [Attachment 24457] proposed patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Oct 18 01:38:44 PDT 2008
Oliver Hunt <oliver at apple.com> has granted Alexey Proskuryakov
<ap at webkit.org>'s request for review:
Bug 21705: Implement Web Workers client-side API
https://bugs.webkit.org/show_bug.cgi?id=21705
Attachment 24457: proposed patch
https://bugs.webkit.org/attachment.cgi?id=24457&action=edit
------- Additional Comments from Oliver Hunt <oliver at apple.com>
In constructDedicatedWorker toString() may throw so you should probably
exception check there
In DedicatedWorker::DedicatedWorker shouldn't 'if
(!document->securityOrigin()->canAccess(SecurityOrigin::createFromString(url).g
et())) ' be referencing m_scriptURL ?
Is there anything here that can be tested yet? Perhaps security tests to make
sure we can't create a DedicatedWorker for an unsafe url, also
new DedicatedWorker({toString:function(){throw "Woo!!!!11!!one!";}})
and
var foo = {toString:function(){new DedicatedWorker(foo);}}
new DedicatedWorker(foo)
Although i think that should magically be limited to ~500 levels of recursion
it's worth testing -- I wonder if we should however actually just require that
we be given a real string -- eg. not a generic object.
other than these minor questions, r=me
More information about the webkit-reviews
mailing list