[webkit-reviews] review denied: [Bug 32085] WebSocket should block the same ports that are blocked for resource loading : [Attachment 44191] proposed patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Dec 3 09:29:53 PST 2009
Darin Adler <darin at apple.com> has denied Alexey Proskuryakov <ap at webkit.org>'s
request for review:
Bug 32085: WebSocket should block the same ports that are blocked for resource
loading
https://bugs.webkit.org/show_bug.cgi?id=32085
Attachment 44191: proposed patch
https://bugs.webkit.org/attachment.cgi?id=44191&action=review
------- Additional Comments from Darin Adler <darin at apple.com>
> + Move isDefaultPortForProtocol() to KURL, because that's a better
place for it (SecurityOrigin
> + is not even in WebCore/platform directory).
I think KURL.h is a good source file for this. But I would slightly prefer a
free function to a static member function.
> + typedef HashMap<String, unsigned> DefaultPortsMap;
> + DEFINE_STATIC_LOCAL(DefaultPortsMap, defaultPorts, ());
> + if (defaultPorts.isEmpty()) {
> + defaultPorts.set("http", 80);
> + defaultPorts.set("https", 443);
> + defaultPorts.set("ftp", 21);
> + defaultPorts.set("ftps", 990);
> + }
Is it safe to use a case-sensitive map for this? Do callers all lowercase the
protocol first? Should we assert that the passed in string has no uppercase
ASCII letters in it?
> +bool KURL::portAllowed(const KURL& url)
This should be an ordinary member function, not a static member function. Or
alternatively it could be a free function.
> + // If the port is not in the blocked port list, allow it.
> + if (!std::binary_search(blockedPortList, blockedPortListEnd, port))
> + return true;
I'd like to see "using namespace std" rather than "std::binary_search".
I'd like to see an assertion that the list is sorted properly, because it seems
it would be easy to accidentally add a new port and not keep the list sorted.
I'm going to say review- because I think you should do at least one of the
things I suggest above. If you don't agree, feel free to put this same patch up
for review again.
More information about the webkit-reviews
mailing list