[webkit-reviews] review denied: [Bug 60800] InjectedScriptSource.js - "Don't be eval()." : [Attachment 93848] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 18 00:02:00 PDT 2011
Yury Semikhatsky <yurys at chromium.org> has denied Adam Barth
<abarth at webkit.org>'s request for review:
Bug 60800: InjectedScriptSource.js - "Don't be eval()."
https://bugs.webkit.org/show_bug.cgi?id=60800
Attachment 93848: Patch
https://bugs.webkit.org/attachment.cgi?id=93848&action=review
------- Additional Comments from Yury Semikhatsky <yurys at chromium.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=93848&action=review
> Source/WebCore/bindings/v8/V8InspectorValue.cpp:40
> +v8::Handle<v8::Value> toV8(InspectorValue* inspectorValue)
InspectorValue is used for constructing JSON objects in native parts of the
inspector. It should not be exposed to the JavaScript code.
> Source/WebCore/inspector/InjectedScriptHost.idl:47
> + // FIXME: parseJSON actually returns an arbitray value.
Should its return type be DOMObject then?
> Source/WebCore/inspector/InjectedScriptHost.idl:48
> + [Custom] void parseJSON(in DOMString json);
This solves only part of the problem. We still need to support evaluation in
the inspected page for inspector console to work. We need to implement
InjectedScriptHost.evaluate instead. This would cover both JSON.parse and
console evaluations. Additionally it wouldn't require bindings for
InspectorValues.
More information about the webkit-reviews
mailing list