[webkit-reviews] review granted: [Bug 197466] Setting a frame's src to a javascript URL should not run it synchronously : [Attachment 368813] Patch
bugzilla-daemon at webkit.org
Thu May 2 14:26:29 PDT 2019
Darin Adler <darin at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 197466: Setting a frame's src to a javascript URL should not run it
synchronously
https://bugs.webkit.org/show_bug.cgi?id=197466
Attachment 368813: Patch
https://bugs.webkit.org/attachment.cgi?id=368813&action=review
--- Comment #63 from Darin Adler <darin at apple.com> ---
Comment on attachment 368813
--> https://bugs.webkit.org/attachment.cgi?id=368813
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=368813&action=review
> Source/WebCore/ChangeLog:10
> + to execute it asynchronously, which was a source of security bugs
and also did
asynchronously -> synchronously
> Source/WebCore/loader/NavigationScheduler.cpp:425
> + return completionHandler();
Heh, the "return void" debate. I will refrain from commenting further.
> Source/WebCore/loader/SubframeLoader.cpp:90
> + // If we will schedule a javascript URL load, we need to delay the
firing of the load event at least until we've run the javascript URL.
I think it’s strange wording to say "run the javascript URL"; maybe "run the
JavaScript in the URL"?