[Webkit-unassigned] [Bug 62347] [EFL] Add load error handler to EWebLauncher

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 13 15:20:57 PDT 2011


--- Comment #7 from Eric Seidel <eric at webkit.org>  2011-06-13 15:20:56 PST ---
(From update of attachment 96657)
View in context: https://bugs.webkit.org/attachment.cgi?id=96657&action=review

> Tools/EWebLauncher/main.c:322
> +    snprintf(message, 1024, "<html><body><div style=\"color:#ff0000\">ERROR!</div><br><div>Code: %d<br>Domain: %s<br>Description: %s<br>URL: %s</div></body</html>",
> +             err->code, err->domain, err->description, err->failing_url);

Do we have any concerns about security of this HTML injection?  I assume that the injected message can't be controleled by an attacker from a different domain?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list