On 2/21/07, Maciej Stachowiak <[EMAIL PROTECTED]> wrote:
>Have you tried using a static checker for these?
We're looking into applying a static checker for all of WebKit; we
need to work out the logistics, to make sure there are up-to-date
results regularly available to the community.
I ca
On 22-Feb-07, at 1:22 AM, Maciej Stachowiak wrote:
2) Additional testing
* Fuzz-test for custom parsers - the biggest security risk is
buffer overruns in some of the custom parsers, so we'd like to
develop a fuzz-testing tool for attributes that trigger these,
and fix resulting crashes.
On Feb 21, 2007, at 8:12 AM, George Staikos wrote:
On 20-Feb-07, at 3:13 AM, Maciej Stachowiak wrote:
As part of our stabilization effort, SVG has been raised as an
area of concern. Some of the newer SVG features have been sources
of crashes, some of which could potentially be security is
Andreas,
More testing would be great!
Our existing tests are in LayoutTests/svg/. They include the W3C
tests, version 1.1. You can run our tests with the run-webkit-tests
script, passing it --pixel to generate pixel results. I don't think
pixel tests work very well for SVG right now, so yo
Hi, Andreas-
I agree that 'use' is very important, but would favor dropping it (for
now) rather than introduce a potential security hole in Safari. I don't
want people to get a bad taste for SVG, and I don't want people to
suffer for its inclusion.
I guess the pertinent questions are:
* Wh
On 21 Feb 2007, at 17:12, George Staikos wrote:
Have you tried using a static checker for these?
good question.
It's a bit worrisome that we could still have issues like this.
from what i understand the svg path parser code among other parts is
relatively new.
more review is probably al
On 20-Feb-07, at 3:13 AM, Maciej Stachowiak wrote:
As part of our stabilization effort, SVG has been raised as an area
of concern. Some of the newer SVG features have been sources of
crashes, some of which could potentially be security issues (the
ones that are buffer overruns).
Specific
Thanks anyways, Justin!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 20, 2007 5:23 PM
To: Ionut Durbaca
Cc: webkit-dev@lists.webkit.org
Subject: RE: [webkit-dev] Printing in WebKit (Windows) / PRINTER / doc
capture
I'm not that good :). I'v
Hi everyone, Maciej,
On 20 févr. 2007, at 10:12, Andreas Neumann wrote:
From your list in 1) I agree that SVGImage, Animation, Filters and
ForeignObject probably need more effort and testing and they are
candidates to be disabled. This also matches what Firefox can do
today. However, the s
9 matches
Mail list logo
