[Webkit-unassigned] [Bug 16539] Missing same-origin check when calling setTimeout

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 20 21:29:59 PST 2007


sam at webkit.org changed:

           What    |Removed                     |Added
  Attachment #18022|                            |review+
               Flag|                            |

------- Comment #6 from sam at webkit.org  2007-12-20 21:29 PDT -------
(From update of attachment 18022)
This looks great. r=me.  The only thing I might add would be comments in the js
functions objects that shouldn't check  allowsAccessFrom on callAsFunction
(window.open was an example you gave in another bug).  This will be valuable
when we transition more of this file to be auto generated.

It feels a little bad to be calling allowsAccessFrom twice for these functions,
once when getting the function object and once on callAsFunction, but I see no
way around that.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list