[webkit-reviews] review denied: [Bug 61403] Video fails to play on Vimeo : [Attachment 94822] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed May 25 13:24:24 PDT 2011
Darin Adler <darin at apple.com> has denied Jer Noble <jer.noble at apple.com>'s
request for review:
Bug 61403: Video fails to play on Vimeo
https://bugs.webkit.org/show_bug.cgi?id=61403
Attachment 94822: Patch
https://bugs.webkit.org/attachment.cgi?id=94822&action=review
------- Additional Comments from Darin Adler <darin at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=94822&action=review
>
Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundationObj
C.mm:785
> + return requestedURL.host() == resolvedURL.host() && requestedURL.port()
== resolvedURL.port();
Normally, security origin checks need to cover protocol as well as host and
port.
It’s probably safest to do security origin checks by constructing
SecurityOrigin objects and using the member functions of the SecurityOrigin
class rather than writing custom logic here. But if we have to have custom
logic, it should be sure to check protocol.
> Source/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm:1621
> + return requestedURL.host() == resolvedURL.host() && requestedURL.port()
== resolvedURL.port();
Same comment.
More information about the webkit-reviews
mailing list