[webkit-reviews] review denied: [Bug 27719] [Chromium] Regression in r42671 - js event object being hidden. : [Attachment 34595] patch4
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 11 14:46:51 PDT 2009
Adam Barth <abarth at webkit.org> has denied Nate Chapin <japhet at chromium.org>'s
request for review:
Bug 27719: [Chromium] Regression in r42671 - js event object being hidden.
https://bugs.webkit.org/show_bug.cgi?id=27719
Attachment 34595: patch4
https://bugs.webkit.org/attachment.cgi?id=34595&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
Ok. One more subtle issue, then we should be all set. When you write bindings
for the window object, you have to be super careful about security because the
window object is exposed across domains. In particular, you need to add an
access control check:
if (!V8Proxy::canAccessFrame(imp->frame(), true))
return v8::Undefined();
(I'm not sure what that "true" is about, you should investigate before adding
this code.)
Also, you should be aware that frame() might be null if the window is detached
from the frame. In that case, you probably want to return without doing
anything. You can look at addEventListener as a model:
http://trac.webkit.org/browser/trunk/WebCore/bindings/v8/custom/V8DOMWindowCust
om.cpp#L197
More information about the webkit-reviews
mailing list