[Webkit-unassigned] [Bug 27872] crash: external use script visibility
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 30 15:45:43 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27872
Nikolas Zimmermann <zimmermann at kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zimmermann at kde.org
--- Comment #6 from Nikolas Zimmermann <zimmermann at kde.org> 2009-09-30 15:45:43 PDT ---
Easy answer, it is not implemented at all. I skipped it in the initial <use>
implementation, because of security concerns. This needs to be carefully
implemented.
All pieces related to the actual loading & caching of remote resources is of
course already implemented in WebCore - a similar logic like
'ImageLoader'/'SVGImageLoader' is needed to handle external SVG document
fragments.
Once that logic is existant it's probably just a matter of parsing the remote
document and cloning a deep-copy of the element in question and including it in
the <use> shadow tree.
This is a root of possible security problems, so we have to be extra-careful
about what we allow to clone (ie. not a script element or sth. related!).
Charles, I hope that helps you to get started?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list