[webkit-reviews] review denied: [Bug 110733] XSSAuditor should send only one console error when blocking a page. : [Attachment 192211] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 10 08:45:56 PDT 2013


Adam Barth <abarth at webkit.org> has denied  review:
Bug 110733: XSSAuditor should send only one console error when blocking a page.
https://bugs.webkit.org/show_bug.cgi?id=110733

Attachment 192211: Patch
https://bugs.webkit.org/attachment.cgi?id=192211&action=review

------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=192211&action=review


Something is confused about this patch.  We shouldn't need to send the
document's URL back to the main thread in the XSSInfo.  Whoever receives the
XSSInfo on the main thread will have access to the document and therefore its
URL and HTTPBody.

> Source/WebCore/html/parser/XSSAuditor.cpp:321
> +    // If we discover XSS, we'll need this for reporting and console
messages later on.
> +    m_originalURL = m_documentURL.string().isolatedCopy();
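
Review bot: the `m_originalURL = m_documentURL.string().isolatedCopy();` assignment takes the copy up front, while its own comment says the value is only needed if XSS is discovered, so the copy is made even when nothing is ever reported. Consider making the copy at the point where the violation is reported, and have the comment state why an isolated copy is required rather than reading `m_documentURL` directly, since both members otherwise hold the same URL.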

Why do we need to make another copy of this string?

