[webkit-reviews] review denied: [Bug 27719] [Chromium] Regression in r42671 - js event object being hidden. : [Attachment 34595] patch4

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 11 14:46:51 PDT 2009

Adam Barth <abarth at webkit.org> has denied Nate Chapin <japhet at chromium.org>'s
request for review:
Bug 27719: [Chromium] Regression in r42671 - js event object being hidden.

Attachment 34595: patch4

------- Additional Comments from Adam Barth <abarth at webkit.org>
Ok.  One more subtle issue, then we should be all set.	When you write bindings
for the window object, you have to be super careful about security because the
window object is exposed across domains.  In particular, you need to add an
access control check:

 if (!V8Proxy::canAccessFrame(imp->frame(), true))
	return v8::Undefined();

(I'm not sure what that "true" is about, you should investigate before adding
this code.)

Also, you should be aware that frame() might be null if the window is detached
from the frame.  In that case, you probably want to return without doing
anything.  You can look at addEventListener as a model:


More information about the webkit-reviews mailing list