Could you file bugs for these? Also, do you know of any other way of accomplishing the same behaviour without having security issues/crashes?
Kenneth

On Wed, Aug 25, 2010 at 3:51 PM, Eric Seidel <e...@webkit.org> wrote:
> Furthermore, any loops like this:
>
> for (RefPtr<Node> child = m_element->firstChild(); child;) {
>
> which allow synchronous javascript execution (i.e. take an
> ExceptionCode parameter) are vulnerable to crashes/security holes. :(
>
> All of those enclose* functions use such loops. :(
>
> -eric
>
> On Wed, Aug 25, 2010 at 11:47 AM, Eric Seidel <e...@webkit.org> wrote:
>> My comments apply to all of the enclose* APIs in that file.
>>
>> On Wed, Aug 25, 2010 at 11:46 AM, Eric Seidel <e...@webkit.org> wrote:
>>> /*!
>>>     Encloses the contents of this element with the result of parsing \a
>>> markup.
>>>     This element becomes the child of the deepest descendant within \a
>>> markup.
>>>
>>>     \sa encloseWith()
>>> */
>>> void QWebElement::encloseContentsWith(const QString &markup)
>>>
>>>
>>> http://trac.webkit.org/browser/trunk/WebKit/qt/Api/qwebelement.cpp#L1248
>>>
>>> These enclose methods use at least 2 deprecated parts of parser code
>>> (HTMLElement::endTagRequirement() and
>>> HTMLElement::deprecatedCreateContextualFragment()).
>>>
>>> They're clear layering violations, and make little sense to me.
>>>
>>> Who wants to call this API? Can it be removed from Qt?
>>>
>>> -eric
>>>
>>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>

--
Kenneth Rohde Christiansen
Technical Lead / Senior Software Engineer
Qt Labs Americas, Nokia Technology Institute, INdT
Phone +55 81 8895 6002 / E-mail kenneth.christiansen at openbossa.org
http://codeposts.blogspot.com
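
One way to keep a child-moving loop like the one quoted in this thread safe when a callback can mutate the tree mid-iteration, shown as an added example on a toy DOM (not WebKit or Qt code, and not from the thread's participants). `Node`, `appendChild`, `moveChildrenSafely` and the `onMove` hook are hypothetical names; `onMove` stands in for any call that can run script synchronously.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// Toy DOM node, constructed for illustration (not WebKit's Node class).
struct Node {
    Node* parent = nullptr;
    std::vector<std::shared_ptr<Node>> children;
};
using NodePtr = std::shared_ptr<Node>;

// Detach `child` from its current parent, if any, and append it to `parent`.
void appendChild(Node& parent, const NodePtr& child) {
    if (child->parent) {
        auto& siblings = child->parent->children;
        siblings.erase(std::remove(siblings.begin(), siblings.end(), child),
                       siblings.end());
    }
    child->parent = &parent;
    parent.children.push_back(child);
}

// Move every child of `from` into `to` and return how many were moved.
// `onMove` may change the tree arbitrarily, as synchronous script could.
int moveChildrenSafely(Node& from, Node& to,
                       const std::function<void(Node&)>& onMove) {
    // 1. Snapshot strong references first: nothing the callback does can
    //    free a node we still plan to visit or invalidate the iteration.
    std::vector<NodePtr> snapshot = from.children;
    int moved = 0;
    for (const NodePtr& child : snapshot) {
        // 2. Re-validate before acting: the callback may already have
        //    removed or re-parented this node.
        if (child->parent != &from)
            continue;
        appendChild(to, child);
        ++moved;
        onMove(*child); // tree may mutate here; the snapshot is unaffected
    }
    return moved;
}
```

The loop never reads a sibling pointer after the callback has run, which is the step that goes wrong in the `firstChild()`/next-sibling form when script removes or moves nodes.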