[Webkit-unassigned] [Bug 65542] Need support for dirname attribute
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 4 00:32:09 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65542
--- Comment #21 from Rakesh <rakesh.kn at motorola.com> 2011-11-04 00:32:08 PST ---
(In reply to comment #20)
> (From update of attachment 113458 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=113458&action=review
>
Thanks for the inputs, will upload a patch with suggested changes.
> > Source/WebCore/html/HTMLTextFormControlElement.cpp:584
> > + TextDirection textDirection = static_cast<const HTMLElement*>(element)->directionalityIfhasDirAutoAttribute(isAuto);
>
> This cast to an HTMLElement can be a bad cast. Webpages can put an HTML element inside a non-HTML element, such as an SVG element. If we want to assume it’s an HTMLElement we need to actually check isHTMLElement. A bad cast can cause crashes, in some cases crashes that are exploitable security vulnerabilities.
Yes, having a isHTMLElement check can avoid crashes. For me to have a better understanding, can non HTML elements have dir attribute? Spec specifies as "If the element's dir attribute is in the auto state", so should 'directionalityIfhasDirAutoAttribute' be an Element's function?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list