[webkit-reviews] review denied: [Bug 107998] Drag and drop events should be forwarded to HTML embedded with object tag. : [Attachment 184900] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jan 26 23:14:16 PST 2013
Alexey Proskuryakov <ap at webkit.org> has denied Daniel Cheng
<dcheng at chromium.org>'s request for review:
Bug 107998: Drag and drop events should be forwarded to HTML embedded with
object tag.
https://bugs.webkit.org/show_bug.cgi?id=107998
Attachment 184900: Patch
https://bugs.webkit.org/attachment.cgi?id=184900&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=184900&action=review
r- because there is no rationale posted in Bugzilla, and because this
introduces a security bug.
> Source/WebCore/page/EventHandler.cpp:1912
> + if (!target->hasTagName(frameTag) && !target->hasTagName(iframeTag) &&
!target->hasTagName(objectTag))
> return false;
>
> frame = static_cast<HTMLFrameElementBase*>(target)->contentFrame();
This introduces a security bug due to a bad cast.
> Source/WebCore/page/EventHandler.cpp:1914
> + return (frame);
This is not normal WebKit style.
More information about the webkit-reviews
mailing list