[Webkit-unassigned] [Bug 102814] Crash from deeply-nested iframes with data: URIs
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 21 07:37:59 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=102814
Yong Li <yoli at rim.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Product|Security |WebKit
Version|525.x (Nightly build) |528+ (Nightly build)
Component|Security |Page Loading
AssignedTo|webkit-security-unassigned@ |webkit-unassigned at lists.web
|lists.webkit.org |kit.org
Group|Security-Sensitive |
--- Comment #9 from Yong Li <yoli at rim.com> 2012-11-21 07:40:00 PST ---
(In reply to comment #6)
>
> I should also say that I don't see any reason why we should fix this bug. If it's only a DoS issue and it isn't occurring in practice, then we should wait until it actually occurs in practice before worrying about it.
I can't agree on this. It is very usual that developers fix potential issues that have never happened in practice, including WebKit. Cosmin's patch 1) merges 2 duplicate code blocks into one function and makes it easier to maintain in the future, 2) give a limit to frame tree depth as FireFox does. If we think that improves WebKit, why shouldn't we do it?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list