[Webkit-unassigned] [Bug 62347] [EFL] Add load error handler to EWebLauncher
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 13 15:20:57 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=62347
--- Comment #7 from Eric Seidel <eric at webkit.org> 2011-06-13 15:20:56 PST ---
(From update of attachment 96657)
View in context: https://bugs.webkit.org/attachment.cgi?id=96657&action=review
> Tools/EWebLauncher/main.c:322
> + snprintf(message, 1024, "<html><body><div style=\"color:#ff0000\">ERROR!</div><br><div>Code: %d<br>Domain: %s<br>Description: %s<br>URL: %s</div></body</html>",
> + err->code, err->domain, err->description, err->failing_url);
Do we have any concerns about security of this HTML injection? I assume that the injected message can't be controleled by an attacker from a different domain?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list