[webkit-reviews] review denied: [Bug 21288] Implement HTML5's sandbox attribute for iframes : [Attachment 42859] Revised patch for HTML5 sandboxing.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 10 08:17:40 PST 2009
Adam Barth <abarth at webkit.org> has denied Patrik Persson
<patrik.j.persson at ericsson.com>'s request for review:
Bug 21288: Implement HTML5's sandbox attribute for iframes
https://bugs.webkit.org/show_bug.cgi?id=21288
Attachment 42859: Revised patch for HTML5 sandboxing.
https://bugs.webkit.org/attachment.cgi?id=42859&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
This is getting really close! Thanks for working on this feature.
106 if (accessControlOriginString != "*" &&
securityOrigin->isSandboxed(SandboxOrigin))
I don't quite understand why we need to look at accessControlOriginString in
this check. It seems like passesAccessControlCheck should just return true
unconditionally when accessControlOriginString == "*" before we get here.
Also,
110 if (!accessControlOrigin->isSameSchemeHostPort(securityOrigin))
Should return false when securityOrigin is sandboxed.
90 HTMLFrameOwnerElement::inheritSandboxFlags
Shouldn't this push the new sandbox flags into the document's security origin
to keep it up-to-date?
More information about the webkit-reviews
mailing list