[Webkit-unassigned] [Bug 39670] [Qt] WebView::setUrl crashes after Qt4.7
bugzilla-daemon at webkit.org
Thu Dec 23 18:12:03 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=39670
--- Comment #21 from Adam Barth <abarth at webkit.org> 2010-12-23 18:12:02 PST ---
(In reply to comment #20)
> (In reply to comment #19)
> > (From update of attachment 75858 [details])
> > View in context: https://bugs.webkit.org/attachment.cgi?id=75858&action=review
> >
> > > WebKit/qt/Api/qwebframe.cpp:709
> > > + if (d->frame->loader()->isLoading())
> > > + d->frame->loader()->stopAllLoaders();
> > > d->frame->loader()->writer()->begin(absolute);
> > > d->frame->loader()->writer()->end();
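Review bot: The new isLoading()/stopAllLoaders() guard does not address the begin(absolute)/end() pair that follows it, which is the part this review is objecting to. DocumentWriter::begin() and end() are FrameLoader internals: calling them from the Qt API layer stamps `absolute` onto the frame's document without a real load, so, as the comment above notes, anything holding a reference to that document ends up with the cookies of `absolute`. Drop the writer calls and go through a FrameLoader-level navigation API (scheduleLocationChange is the option suggested below) so the URL and origin change happen on the normal load path; the stopAllLoaders() guard then becomes the loader's responsibility rather than this function's.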
> >
> > These methods are all way too low-level to be called from WebKit. You should call some API on FrameLoader that does what you want. This code might well be a security vulnerability too. I'd have to look into the details. The issue is you're spamming "absolute" over the document, which will give whoever has a pointer to the document access to the cookies for "absolute".
>
> That could very well be (I'm not too familiar with this code yet), though the call to DocumentWriter::begin() predates this proposed bug fix; it seems to have been around for quite some time.
Yeah, this has probably been wrong for a while. The right fix is likely to remove the wrong code and call through to the appropriate high-level API for loading a URL. One option is something like scheduleLocationChange. That should do all the low-level state tweaking for you.