[Webkit-unassigned] [Bug 83282] Web Inspector: Allow inspection of Web Socket Frames

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=83282





--- Comment #24 from Konrad Piascik <kpiascik at rim.com>  2012-04-19 11:47:21 PST ---
>> Source/WebCore/inspector/front-end/ResourceWebSocketFrameView.js:61
>> +        dateCell.innerHTML = String.sprintf("%s %s", (payload.sent ? "→" : (payload.errorMessage ? "" : "←")), date.toISOString());
> 
> Assign to textContent, not innerHTML, otherwise, web socket would be able to inject javascript into the front-end page.

This isn't really a valid concern since the string being created is not comprised of user input of any kind.  I'm simply putting a left arrow (←) or right arrow (→) to indicate whether it is a sent or received frame and then putting the date in an ISOString format.  The frame playload isn't being set as innerHTML.  It is set as innerText below.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.