[webkit-reviews] review denied: [Bug 23900] Prevent frames from calling themselves _top : [Attachment 27749] New patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 19 01:58:34 PST 2009
Alexey Proskuryakov <ap at webkit.org> has denied Sverrir Á. Berg
<sverrir at chromium.org>'s request for review:
Bug 23900: Prevent frames from calling themselves _top
https://bugs.webkit.org/show_bug.cgi?id=23900
Attachment 27749: New patch
https://bugs.webkit.org/attachment.cgi?id=27749&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
What do other browsers do with e.g. "_foobar"? Please check, because being more
restrictive than others is dangerous. Have you checked that the name "_top" is
ignored by other browsers?
The test doesn't need to dump pixels, but it needs to have some text explaining
what's going on (the title alone isn't enough). This may be easier to achieve
with IFrame. E.g.
<p>Test for <a href="https://bugs.webkit.org/show_bug.cgi?id=23900">bug
23900</a>: A frame named _top crashes the browser.</p><p>PASS if no crash.</p>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
</script>
<iframe name="_top" src="about:blank"></iframe>
The function allowedChildName() should be a static in cpp file - it doesn't use
data members, so there is no reason to make it a private member. We start such
function names with "is":
static bool isAllowedChildName(const AtomicString& name)
{...}
More information about the webkit-reviews
mailing list