[Webkit-unassigned] [Bug 83282] Web Inspector: Allow inspection of Web Socket Frames

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 19 11:47:23 PDT 2012


--- Comment #24 from Konrad Piascik <kpiascik at rim.com>  2012-04-19 11:47:21 PST ---
>> Source/WebCore/inspector/front-end/ResourceWebSocketFrameView.js:61
>> +        dateCell.innerHTML = String.sprintf("%s %s", (payload.sent ? "→" : (payload.errorMessage ? "" : "←")), date.toISOString());
> Assign to textContent, not innerHTML, otherwise, web socket would be able to inject javascript into the front-end page.

This isn't really a valid concern since the string being created is not comprised of user input of any kind.  I'm simply putting a left arrow (←) or right arrow (→) to indicate whether it is a sent or received frame and then putting the date in an ISOString format.  The frame playload isn't being set as innerHTML.  It is set as innerText below.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list