[webkit-reviews] review requested: [Bug 21288] Implement HTML5's sandbox attribute for iframes : [Attachment 43367] New patch for HTML5 iframe sandboxing.
bugzilla-daemon at webkit.org
Tue Nov 17 10:11:08 PST 2009
Patrik Persson <patrik.j.persson at ericsson.com> has asked for review:
Bug 21288: Implement HTML5's sandbox attribute for iframes
https://bugs.webkit.org/show_bug.cgi?id=21288
Attachment 43367: New patch for HTML5 iframe sandboxing.
https://bugs.webkit.org/attachment.cgi?id=43367&action=review
------- Additional Comments from Patrik Persson <patrik.j.persson at ericsson.com>
Changes:
* Changed openerFrame to lexicalFrame in JSDOMWindow::createWindow().
* Moved sandbox flag management to FrameLoader. Functions
  updateSandboxFlags() and inheritSandboxFlags() have been combined
  into the single function ownerElementSandboxFlagsChanged().
* Moved SandboxFlag(s) type definitions to FrameLoaderTypes.h.
* Removed HTMLFrameOwnerElement::insertedIntoDocument() override
  (unnecessary in this design).
* Removed erroneous inDocument() check in
  HTMLAppletElement::isJavaEnabled().
* Renamed HTMLFrameOwnerElement::m_sandboxFlagsFromAttribute to
  m_sandboxFlags.
* Introduced SecurityOrigin::canCreateDatabase(). I was not able to
  figure out how to use canAccess() or canRequest() for this purpose
  in a clear way.
* Changed function parseSandboxAttribute() in HTMLIFrameElement to use
  regular Strings. Also renamed 'newSandboxFlags' to 'flags' in the same
  function.
* Moved sandboxing check from SecurityOrigin::isSameSchemeHostPort()
  to SecurityOrigin::equal(). (Database origin checks depend on it.)
* Added sandboxing check to passesAccessControlCheck() in
  CrossOriginAccessControl.cpp.
* I have NOT addressed the comment on ScriptController::isEnabled()
  (comment #32). There are quite a lot of calls to it. If someone
  proposes a better name for this function (or another way of doing
  it), we'll be happy to change it.
* Minor changes to match coding guidelines:
  - changed "ec == 0" to "!ec" in InspectorController.cpp
Please let us know what you think.