[webkit-reviews] review granted: [Bug 60489] XSSAuditor should be more selective about the <meta http-equivs> that it blocks : [Attachment 92815] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon May 9 12:00:06 PDT 2011


Daniel Bates <dbates at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 60489: XSSAuditor should be more selective about the <meta http-equivs>
that it blocks
https://bugs.webkit.org/show_bug.cgi?id=60489

Attachment 92815: Patch
https://bugs.webkit.org/attachment.cgi?id=92815&action=review

------- Additional Comments from Daniel Bates <dbates at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=92815&action=review

> Source/WebCore/ChangeLog:28
> +	   (WebCore::isNonCanonicalCharacter):
> +	   (WebCore::canonicalize):
> +	   (WebCore::isRequiredForInjection):
> +	   (WebCore::hasName):
> +	   (WebCore::findAttributeWithName):
> +	   (WebCore::isNameOfInlineEventHandler):
> +	   (WebCore::isDangerousHTTPEquiv):
> +	   (WebCore::containsJavaScriptURL):
> +	   (WebCore::decodeURL):
> +	   (WebCore::XSSFilter::eraseAttributeIfInjected):
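
Review bot: the `(WebCore::isDangerousHTTPEquiv):` entry has nothing after its colon, like every other entry in this list, so the ChangeLog does not record which http-equiv values the auditor treats as dangerous. Since the bug is about being more selective about the <meta http-equivs> that get blocked, state on that line the values or the criterion the function uses, so a later reader can tell what is filtered and what is let through without reading the implementation.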

Most of the changes to these methods are because this patch moves them from
being in an anonymous namespace to being static functions. So, to demarcate
the syntactic change from the actual change for this bug, I suggest adding a
remark to the right of isDangerousHTTPEquiv to mention that it was added and
adding some sort of remark to the other functions (or a general sentence to the
commit message) to describe the syntactic changes. Alternatively, you could
split this into two patches/bugs: one to move the methods from being in an
anonymous namespace to being static functions, and one patch/bug to actually
make the change described in this bug.

