[webkit-reviews] review granted: [Bug 207384] [GTK][WPE] Expose allowTopNavigationToDataURL : [Attachment 390093] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 9 12:21:38 PST 2020
Adrian Perez <aperez at igalia.com> has granted Lauro Moura <lmoura at igalia.com>'s
request for review:
Bug 207384: [GTK][WPE] Expose allowTopNavigationToDataURL
https://bugs.webkit.org/show_bug.cgi?id=207384
Attachment 390093: Patch
https://bugs.webkit.org/attachment.cgi?id=390093&action=review
--- Comment #5 from Adrian Perez <aperez at igalia.com> ---
Comment on attachment 390093
--> https://bugs.webkit.org/attachment.cgi?id=390093
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=390093&action=review
Patch looks great, thanks for submitting it! I think we should land this,
and it only needs a couple of small bits in the API documentation. Feel
free to land it after taking care of them.
> Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:1449
> + * Whether or not the top frame is allowed to navigate to data URLS.
Typo: s/URLS/URLs
It would be nicer to have a couple of lines additional lines here in the API
documentation explaining the reason for the default (disabled), and telling
why some application which embeds a WebKitWebView might want to enable it.
For some cues as to why disabling top-level data:// loads be default is good,
there's this Mozilla blog post:
https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-dat
a-urls-firefox-59/
As for when to enable it, I think that the main use-case is when an application
which is *NOT* a generic web browser embeds a WebKitWebView widget and wants
to load data:// URLs using webkit_web_view_load_uri() to provide content to
be displayed that is controlled by the application.
> Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:1457
> + _("Whether or not top frame navigation is allowed to data
URLS"),
Typo: s/URLS/URLs
More information about the webkit-reviews
mailing list