[webkit-reviews] review denied: [Bug 59850] CSP script-src should block eval : [Attachment 91773] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 29 17:44:13 PDT 2011
Eric Seidel <eric at webkit.org> has denied Adam Barth <abarth at webkit.org>'s
request for review:
Bug 59850: CSP script-src should block eval
https://bugs.webkit.org/show_bug.cgi?id=59850
Attachment 91773: Patch
https://bugs.webkit.org/attachment.cgi?id=91773&action=review
------- Additional Comments from Eric Seidel <eric at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=91773&action=review
> LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked.html:11
> +This test passes if it doesn't alert fail.
This is confusing.
> Source/JavaScriptCore/runtime/Executable.cpp:106
> + return throwError(exec, createEvalError(exec, "Eval is disabled"));
Is this the right text?
> Source/JavaScriptCore/runtime/JSGlobalObject.h:115
> + bool m_isEvalEnabled : 1;
Do we worry about the size of this object?
More information about the webkit-reviews
mailing list