[webkit-reviews] review requested: [Bug 21288] Implement HTML5's sandbox attribute for iframes : [Attachment 43431] Revised patch in response to comment #38 and comment #39.

bugzilla-daemon at webkit.org
Wed Nov 18 06:01:15 PST 2009


Patrik Persson <patrik.j.persson at ericsson.com> has asked for review:
Bug 21288: Implement HTML5's sandbox attribute for iframes
https://bugs.webkit.org/show_bug.cgi?id=21288

Attachment 43431: Revised patch in response to comment #38 and comment #39.
https://bugs.webkit.org/attachment.cgi?id=43431&action=review

------- Additional Comments from Patrik Persson <patrik.j.persson at ericsson.com>
I understand your concerns regarding SecurityOrigin::equal(). We had a
closer look, and think that SecurityOriginHash is a better place for
this check. The check now explicitly concerns hash table equality (for
same-origin comparisons). The change also fits nicely with a FIXME in
SecurityOrigin calling for similar refactoring.

In a sense the concern regarding equal() remains, but on a smaller
scale (SecurityOriginHash rather than SecurityOrigin). I am currently
unable to see how to get around this without a re-design of the local
storage database. (As long as the database uses hash tables for
same-origin comparisons, there has to be an equals() somewhere that
compares two SecurityOrigins and accounts for sandboxing.)

Please let us know what you think of this design.

Other changes:

* Revised ScriptController check.

* Refactored frame subtree traversal in FrameLoader.

* Added early return to HTMLFrameOwnerElement::setSandboxFlags() and
  FrameLoader::updateSandboxFlagsForSingleFrame().

* Fixed capitalization in Document.cpp comments.
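
Added example (not part of the original message and not WebKit code): a minimal C++ sketch of why the equality used by an origin-keyed hash table has to account for sandboxing, as the comment above argues. The Origin struct, its sandboxId field and the OriginTraits functor are hypothetical, and it assumes a sandboxed frame is treated as its own unique origin.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <string>
#include <unordered_map>

// Hypothetical stand-in for an origin; not WebKit's SecurityOrigin class.
struct Origin {
    std::string scheme, host;
    uint16_t port;
    uint64_t sandboxId; // assumption: 0 = not sandboxed, else unique per sandboxed frame
};

// One functor used as both hasher and key-equality, so the two stay consistent.
template <bool SandboxAware>
struct OriginTraits {
    size_t operator()(const Origin& o) const {
        size_t h = std::hash<std::string>()(o.scheme + "://" + o.host + ":" + std::to_string(o.port));
        if (SandboxAware)
            h ^= std::hash<uint64_t>()(o.sandboxId) + 0x9e3779b9 + (h << 6) + (h >> 2);
        return h;
    }
    bool operator()(const Origin& a, const Origin& b) const {
        bool sameTuple = a.scheme == b.scheme && a.host == b.host && a.port == b.port;
        return SandboxAware ? sameTuple && a.sandboxId == b.sandboxId : sameTuple;
    }
};

// Stores data for the parent page, then looks it up as a sandboxed frame
// served from the same scheme/host/port. Returns true if the frame finds it.
template <bool SandboxAware>
bool sandboxedFrameSeesParentData() {
    std::unordered_map<Origin, std::string, OriginTraits<SandboxAware>, OriginTraits<SandboxAware>> storage;
    Origin parent{"https", "example.test", 443, 0};  // constructed sample values
    Origin framed{"https", "example.test", 443, 1};  // same tuple, sandboxed
    storage[parent] = "parent-data";
    return storage.find(framed) != storage.end();
}

int main() {
    std::cout << "tuple-only equality:    " << sandboxedFrameSeesParentData<false>() << "\n";
    std::cout << "sandbox-aware equality: " << sandboxedFrameSeesParentData<true>() << "\n";
}
```

With tuple-only equality the sandboxed frame resolves to the parent's storage entry; once the hash and equality include the sandbox state, the lookup misses.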

