[Webkit-unassigned] [Bug 21288] Implement HTML5's sandbox attribute for iframes

Wed Nov 18 06:01:25 PST 2009

https://bugs.webkit.org/show_bug.cgi?id=21288

Patrik Persson <patrik.j.persson at ericsson.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #43367|0                           |1
        is obsolete|                            |
  Attachment #43431|                            |review?
               Flag|                            |

--- Comment #40 from Patrik Persson <patrik.j.persson at ericsson.com>  2009-11-18 06:01:14 PST ---
Created an attachment (id=43431)
 --> (https://bugs.webkit.org/attachment.cgi?id=43431)
Revised patch in response to comment #38 and comment #39.

I understand your concerns regarding SecurityOrigin::equal(). We had a
closer look, and think that SecurityOriginHash is a better place for
this check. The check now explicitly concerns hash table equality (for
same-origin comparisons). The change also fits nicely with a FIXME in
SecurityOrigin calling for similar refactoring.

In a sense the concern regarding equal() remains, but on a smaller
scale (SecurityOriginHash rather than SecurityOrigin). I am currently
unable to see how to get around this without a re-design of the local
storage database. (As long as the database uses hash tables for
same-origin comparisons, there has to be an equals() somewhere that
compares two SecurityOrigins and accounts for sandboxing.)

Please let us know what you think of this design.

Other changes:

* Revised ScriptController check.

* Refactored frame subtree traversal in FrameLoader.

* Added early return to HTMLFrameOwnerElement::setSandboxFlags() and
  FrameLoader::updateSandboxFlagsForSingleFrame().

* Fixed capitalization in Document.cpp comments.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.