[Webkit-unassigned] [Bug 13221] New: VitalSource Bookshelf should not pass return statements into stringByEvaluatingJavaScriptFromString

Wed Mar 28 14:21:45 PDT 2007

http://bugs.webkit.org/show_bug.cgi?id=13221

           Summary: VitalSource Bookshelf should not pass return statements
                    into stringByEvaluatingJavaScriptFromString
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Evangelism
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: adele at apple.com

VitalSource Bookshelf should not pass return statements into
stringByEvaluatingJavaScriptFromString.

While investigating this VitalSource Bookshelf bug:

http://bugs.webkit.org/show_bug.cgi?id=12587
REGRESSION: VitalSource Bookshelf registering for a new account fails in TOT

We realized that their application code was calling [WebView
stringByEvaluatingJavaScriptFromString] with strings like:

"return document.forms[0].elements.length"

We used to allow this, but now we have error checking to make sure return
statements are within a function, and this will throw a Javascript exception.

We are adding a workaround for this application, but we need to notify
VitalSource, so they can change their code.

They seem to be using these calls to contruct a url string that contains the
form elements' values.  But they should just be able to use the ObjC DOM calls
to submit the form directly.

If they keep their current code, they should just send strings like
"document.forms[0].elements.length"

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.