[webkit-reviews] review denied: [Bug 66585] XSS filter bypass via document.write(location.href) and fragments : [Attachment 105806] Patch plus test case changes from prev attachment.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 31 12:03:19 PDT 2011
Adam Barth <abarth at webkit.org> has denied Thomas Sepez <tsepez at chromium.org>'s
request for review:
Bug 66585: XSS filter bypass via document.write(location.href) and fragments
https://bugs.webkit.org/show_bug.cgi?id=66585
Attachment 105806: Patch plus test case changes from prev attachment.
https://bugs.webkit.org/attachment.cgi?id=105806&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=105806&action=review
This looks great. Below are just some style nits.
> Source/WebCore/html/parser/XSSAuditor.cpp:119
> +static String fullyDecodeString(const String& string,
> + const TextResourceDecoder* decoder)
WebKit usually keeps function declarations to one line.
> Source/WebCore/html/parser/XSSAuditor.cpp:121
> + size_t workingLen;
workingLen => workingLength
WebKit likes variable names make from complete words.
> Source/WebCore/html/parser/XSSAuditor.cpp:129
> + CString workingStringUTF8 = workingString.utf8();
> + String decodedString = decoder->encoding().decode(
4-space indent, pls.
> Source/WebCore/html/parser/XSSAuditor.cpp:130
> + workingStringUTF8.data(), workingStringUTF8.length());
Also, this should be on one line. There is no 80 column line limit in WebKit.
> Source/WebCore/html/parser/XSSAuditor.cpp:469
> + return false;
4-space indent
More information about the webkit-reviews
mailing list