15811 – WebKit plug-ins can re-enter WebKit under attach()

RESOLVED FIXED 15811

WebKit plug-ins can re-enter WebKit under attach()

https://bugs.webkit.org/show_bug.cgi?id=15811

Summary WebKit plug-ins can re-enter WebKit under attach()

mitz

Reported 2007-11-02 21:14:24 PDT

[This is a follow-up to bug 15405 regarding the general case] HTMLObjectElement::attach() calls RenderPartObject::updateWidget() which lets WebKit plugins execute arbitrary code, potentially re-entering WebKit. I think at some point the protection against creating widgets when updateWidget() is called by attach() applied to WebKit plug-ins, but later it was restricted to Netscape plug-ins.

Attachments
Add attachment proposed patch, testcase, etc.

mitz

Comment 1 2007-11-02 21:17:35 PDT

<rdar://problem/5577978>

mitz

Comment 2 2007-11-22 22:05:12 PST

Fixed in <http://trac.webkit.org/projects/webkit/changeset/27982>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 523.x (Safari 3)

Hardware Mac

OS OS X 10.4

Product WebKit

Component Layout and Rendering

Assignee

Nobody

Reported

2007-11-02 21:14 PDT

Modified

2007-11-22 22:05 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks