[Webkit-unassigned] [Bug 88188] Make foreignObject support HTML and MathML
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 24 02:13:20 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=88188
--- Comment #5 from Frédéric Wang <fred.wang at free.fr> 2013-09-24 02:12:22 PST ---
I don't think "inherent security flaws" is quite correct. To my knowledge, it's mainly a design issue with the MathML implementation violating some assumptions from other parts of the code. At least nobody (even Google engineers) has been able to provide a test case demonstrating security problem and the only thing I found was a performance issue that could make the browser hangs a few seconds ; something which I think is categorized as the lowest security level by Google.
Anyway the solution for this bug is obvious: just uses the #ifdef preprocessing rules to add/remove the MathML namespace from authorized requiredExtensions values. If the patch is imported to Chromium, the #ifdef code can just be dropped.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list