[webkit-reviews] review granted: [Bug 181616] Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011 : [Attachment 331897] Fixes the bug
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 22 09:52:31 PST 2018
Wenson Hsieh <wenson_hsieh at apple.com> has granted Ryosuke Niwa
<rniwa at webkit.org>'s request for review:
Bug 181616: Blob conversion and sanitization doesn't work with Microsoft Word
for Mac 2011
https://bugs.webkit.org/show_bug.cgi?id=181616
Attachment 331897: Fixes the bug
https://bugs.webkit.org/attachment.cgi?id=331897&action=review
--- Comment #10 from Wenson Hsieh <wenson_hsieh at apple.com> ---
Comment on attachment 331897
--> https://bugs.webkit.org/attachment.cgi?id=331897
Fixes the bug
View in context: https://bugs.webkit.org/attachment.cgi?id=331897&action=review
> Source/WebCore/ChangeLog:27
> + (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing
the markup, and stripping away file URLs.
Hm...this is a bit more aggressive than just stripping away file URLs, since
we're stripping away all URLs that are not one of { http:, https:, data: } by
using shouldReplaceSubresourceURL as the filter.
I understand that maintaining a whitelist of URLs to allow is safer than the
reverse approach, though...but let's make it clear in the ChangeLog.
> Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:533
> + removeSubresourceURLAttributes(fragment, [] (const URL& url ) {
Nit - extra space after URL& url
> Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:552
> + removeSubresourceURLAttributes(fragment, [] (const URL& url ) {
Nit - extra space after URL& url
> Source/WebCore/editing/markup.h:54
> +String sanitizeMarkup(const String&,
std::optional<std::function<void(DocumentFragment&)>> fragmentSanitizer =
std::nullopt);
Nit - I think we generally prefer to use WTF::Function over std::function.
> Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:117
> +TEST(PasteHTML, StripsHTTPURLs)
Did you mean "StripsFileURLs"?
> Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:131
> +TEST(PasteHTML, DoesNotStripHTTPURLsWhenCustomPasteboardDataIsDisabled)
Ditto, looks like this was meant to be
"DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled"
More information about the webkit-reviews
mailing list