[Webkit-unassigned] [Bug 82307] [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 28 01:54:00 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82307
--- Comment #11 from joey <li.yin at intel.com> 2012-03-28 01:53:55 PST ---
(In reply to comment #9)
>
> > Source/WebCore/Modules/websockets/WebSocketHandshake.cpp:728
> > + m_clientProtocol.split(String(", "), result);
>
> Using a string literal ", " looks dangerous. If we changed the protocol string generation code so that it used " , ", this check would not work.
This String was constructed by browser itself, not from network. So it would be safe.
In addition, if the protocol spec will be updated, the constructing methods also need be improved.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list