[webkit-reviews] review requested: [Bug 24485] Fix Chromium http/tests/security/dataURL/xss-DENIED-* layout tests : [Attachment 28429] DOMWindow.idl patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 9 23:39:05 PDT 2009
Andrew Scherkus <scherkus at chromium.org> has asked for review:
Bug 24485: Fix Chromium http/tests/security/dataURL/xss-DENIED-* layout tests
https://bugs.webkit.org/show_bug.cgi?id=24485
Attachment 28429: DOMWindow.idl patch
https://bugs.webkit.org/attachment.cgi?id=28429&action=review
------- Additional Comments from Andrew Scherkus <scherkus at chromium.org>
I ran all layout tests with and without the patch and saw no regressions.
I'm a bit wary of this patch because it *does* affect all builds (it inserts a
checkNodeSecurity in JSC's JSDOMWindow document getter), so I'm open to ideas
if anyone else knows how to insert a node security check.
I couldn't find how WebKit passes the tests without the CheckNodeSecurity. I'm
almost wondering if there is some duplicated logic or custom binding code
written somewhere that this patch could help remove.
The failing tests for Chromium V8 in particular are:
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-d
ata-url-sub-frame.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.ht
ml
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url.ht
ml
More information about the webkit-reviews
mailing list