[Webkit-unassigned] [Bug 83281] [EFL] Add setting API to enable/disable XSSAuditor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 11 10:29:29 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=83281





--- Comment #11 from Raphael Kubo da Costa (rakuco) <rakuco at webkit.org>  2012-04-11 10:29:29 PST ---
(From update of attachment 136686)
View in context: https://bugs.webkit.org/attachment.cgi?id=136686&action=review

> Source/WebKit/efl/ewk/ewk_frame.cpp:1787
> +void ewk_frame_xss_detected(Evas_Object* ewkFrame, const Ewk_Frame_Xss_Notification *xssInfo)

Style nit: inconsistent positioning of the asterisks.

> Source/WebKit/efl/ewk/ewk_view.h:2388
> + * from reflected XSS attacks on vulnerable web sites. It notifies FrameLoaderClient 
> + * with didDetectXSS when XSS is encountered in the page and provides additional 
> + * information on whether the entire page was blocked or only injected scripts were 
> + * removed. This feature is enabled by default.
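
Review bot: the doc comment ends with "This feature is enabled by default" but never says what turning the setting off means for the embedder; one sentence stating that disabling it leaves loaded pages without this reflected-XSS filtering would help callers decide. In place of the FrameLoaderClient wording, it could name what the application actually observes, which from the other quoted hunks looks like the "xss,detected" signal carrying an Ewk_Frame_Xss_Notification. The first three added lines also end in trailing whitespace that should be stripped.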

Thanks for rephrasing this. Mentioning FLC and the method name is not necessary; when writing these documentation bits, try to think from the user's point of view: they are using webkit-efl in their program, but probably have no idea of how it works and have never heard of FrameLoaderClient and friends.

> Tools/DumpRenderTree/efl/DumpRenderTreeChrome.cpp:108
> +    evas_object_smart_callback_add(mainFrame, "xss,detected", onDidDetectXSS, 0);
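
Review bot: the "xss,detected" callback is attached to mainFrame only, so if the signal is emitted on the frame where the auditor fired (ewk_frame_xss_detected takes the frame as its first argument), a detection inside a child frame would never reach onDidDetectXSS and would be missing from the test output. Consider registering the same callback on each frame as it is created, or confirm that the signal is always delivered on the main frame and say so in a comment here.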

Don't you need to listen for this in all frames?
