[Webkit-unassigned] [Bug 82307] [WebSocket]Browser must fail connection if Sec-WebSocket-Protocol mismatched.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 28 02:11:32 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82307
--- Comment #12 from Kent Tamura <tkent at chromium.org> 2012-03-28 02:11:32 PST ---
(In reply to comment #11)
> (In reply to comment #9)
> >
> > > Source/WebCore/Modules/websockets/WebSocketHandshake.cpp:728
> > > + m_clientProtocol.split(String(", "), result);
> >
> > Using a string literal ", " looks dangerous. If we changed the protocol string generation code so that it used " , ", this check would not work.
>
> This String was constructed by browser itself, not from network. So it would be safe.
> In addition, if the protocol spec will be updated, the constructing methods also need be improved.
Yeah, I know. Someone might want to change ", " in WebSocket::connect() in the future.
We should have a constant variable for the separator, or WebSocket should pass unjoined protocol tokens to WebSocketHandshake.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list