[webkit-reviews] review granted: [Bug 181616] Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011 : [Attachment 331897] Fixes the bug

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 22 09:52:31 PST 2018 

Wenson Hsieh <wenson_hsieh at apple.com> has granted Ryosuke Niwa
<rniwa at webkit.org>'s request for review:
Bug 181616: Blob conversion and sanitization doesn't work with Microsoft Word
for Mac 2011
https://bugs.webkit.org/show_bug.cgi?id=181616

Attachment 331897: Fixes the bug

https://bugs.webkit.org/attachment.cgi?id=331897&action=review




--- Comment #10 from Wenson Hsieh <wenson_hsieh at apple.com> ---
Comment on attachment 331897
  --> https://bugs.webkit.org/attachment.cgi?id=331897
Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=331897&action=review

> Source/WebCore/ChangeLog:27
> +	   (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing
the markup, and stripping away file URLs.

Hm...this is a bit more aggressive than just stripping away file URLs, since
we're stripping away all URLs that are not one of { http:, https:, data: } by
using shouldReplaceSubresourceURL as the filter.

I understand that maintaining a whitelist of URLs to allow is safer than the
reverse approach, though...but let's make it clear in the ChangeLog.

> Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:533
> +	       removeSubresourceURLAttributes(fragment, [] (const URL& url ) {

Nit - extra space after URL& url

> Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:552
> +	       removeSubresourceURLAttributes(fragment, [] (const URL& url ) {

Nit - extra space after URL& url

> Source/WebCore/editing/markup.h:54
> +String sanitizeMarkup(const String&,
std::optional<std::function<void(DocumentFragment&)>> fragmentSanitizer =
std::nullopt);

Nit - I think we generally prefer to use WTF::Function over std::function.

> Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:117
> +TEST(PasteHTML, StripsHTTPURLs)

Did you mean "StripsFileURLs"?

> Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:131
> +TEST(PasteHTML, DoesNotStripHTTPURLsWhenCustomPasteboardDataIsDisabled)

Ditto, looks like this was meant to be
"DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled"

More information about the webkit-reviews mailing list