[Webkit-unassigned] [Bug 21288] Implement HTML5's sandbox attribute for iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 18 06:01:25 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=21288
Patrik Persson <patrik.j.persson at ericsson.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #43367|0 |1
is obsolete| |
Attachment #43431| |review?
Flag| |
--- Comment #40 from Patrik Persson <patrik.j.persson at ericsson.com> 2009-11-18 06:01:14 PST ---
Created an attachment (id=43431)
--> (https://bugs.webkit.org/attachment.cgi?id=43431)
Revised patch in response to comment #38 and comment #39.
I understand your concerns regarding SecurityOrigin::equal(). We had a
closer look, and think that SecurityOriginHash is a better place for
this check. The check now explicitly concerns hash table equality (for
same-origin comparisons). The change also fits nicely with a FIXME in
SecurityOrigin calling for similar refactoring.
In a sense the concern regarding equal() remains, but on a smaller
scale (SecurityOriginHash rather than SecurityOrigin). I am currently
unable to see how to get around this without a re-design of the local
storage database. (As long as the database uses hash tables for
same-origin comparisons, there has to be an equals() somewhere that
compares two SecurityOrigins and accounts for sandboxing.)
Please let us know what you think of this design.
Other changes:
* Revised ScriptController check.
* Refactored frame subtree traversal in FrameLoader.
* Added early return to HTMLFrameOwnerElement::setSandboxFlags() and
FrameLoader::updateSandboxFlagsForSingleFrame().
* Fixed capitalization in Document.cpp comments.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list