[webkit-reviews] review granted: [Bug 70973] XSSAuditor is silent : [Attachment 113066] Proposed patch + improved boolean naming.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 2 11:52:26 PDT 2011
Adam Barth <abarth at webkit.org> has granted Thomas Sepez <tsepez at chromium.org>'s
request for review:
Bug 70973: XSSAuditor is silent
https://bugs.webkit.org/show_bug.cgi?id=70973
Attachment 113066: Proposed patch + improved boolean naming.
https://bugs.webkit.org/attachment.cgi?id=113066&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=113066&action=review
The WebKit2 stuff is kind of mysterious to me, but looks plausible.
> Source/WebCore/html/parser/XSSAuditor.cpp:292
> + if (blockEntirePage)
> + m_parser->document()->frame()->loader()->stopAllLoaders();
It's kind of odd that we do half of this before notifying the client and half
afterwards. Maybe we should do it all before now that we're not getting a URL
from the client?
> Source/WebCore/loader/FrameLoaderClient.h:211
> + virtual void didDetectXSS(const KURL&, bool blockEntirePage) = 0;
didBlockEntirePage ?
More information about the webkit-reviews
mailing list