[webkit-reviews] review granted: [Bug 60384] Wire up CSP's eval blocking to V8's new API : [Attachment 92605] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 6 12:05:16 PDT 2011
Eric Seidel <eric at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 60384: Wire up CSP's eval blocking to V8's new API
https://bugs.webkit.org/show_bug.cgi?id=60384
Attachment 92605: Patch
https://bugs.webkit.org/attachment.cgi?id=92605&action=review
------- Additional Comments from Eric Seidel <eric at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review
Does this need a DEPs update?
> Source/WebCore/bindings/v8/ScriptController.cpp:310
> + m_proxy->windowShell()->initContextIfNeeded();
I wonder how many places might be missing this call. :)
> Source/WebCore/bindings/v8/ScriptController.cpp:317
> + v8Context->AllowCodeGenerationFromStrings(false);
I wonder how many other things this may unintentionally break? Doesn't
chrome/v8 execute js strings internally all over the place?
More information about the webkit-reviews
mailing list