Summary: | Wire up CSP's eval blocking to V8's new API
---|---
Product: | WebKit
Reporter: | Adam Barth <abarth>
Component: | New Bugs
Assignee: | Adam Barth <abarth>
Status: | RESOLVED FIXED
Severity: | Normal
CC: | commit-queue, eric
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | Unspecified
OS: | Unspecified
Bug Depends on: |
Bug Blocks: | 53572
Description
Adam Barth
2011-05-06 10:45:44 PDT
Created attachment 92605
Patch
Comment on attachment 92605
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review

Does this need a DEPs update?

> Source/WebCore/bindings/v8/ScriptController.cpp:310
> + m_proxy->windowShell()->initContextIfNeeded();

I wonder how many places might be missing this call. :)

> Source/WebCore/bindings/v8/ScriptController.cpp:317
> + v8Context->AllowCodeGenerationFromStrings(false);

I wonder how many other things this may unintentionally break? Doesn't chrome/v8 execute js strings internally all over the place?

(In reply to comment #2)
> (From update of attachment 92605)
> View in context: https://bugs.webkit.org/attachment.cgi?id=92605&action=review
>
> Does this need a DEPs update?

Nope. That already happened.

> > Source/WebCore/bindings/v8/ScriptController.cpp:310
> > + m_proxy->windowShell()->initContextIfNeeded();
>
> I wonder how many places might be missing this call. :)

Good question. Much of this code is crap and needs a re-working.

> > Source/WebCore/bindings/v8/ScriptController.cpp:317
> > + v8Context->AllowCodeGenerationFromStrings(false);
>
> I wonder how many other things this may unintentionally break? Doesn't chrome/v8 execute js strings internally all over the place?

This API was created expressly for our needs. It's supposed to do exactly what we want.

Comment on attachment 92605
Patch

Clearing flags on attachment: 92605

Committed r85972: <http://trac.webkit.org/changeset/85972>

All reviewed patches have been landed. Closing bug.
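
Review bot: At ScriptController.cpp:317 the call `v8Context->AllowCodeGenerationFromStrings(false)` relies on the context having been created by `initContextIfNeeded()` at line 310, and the quoted lines do not show a check that `v8Context` is non-empty before it is dereferenced. If initialization can fail, guard the call so a failed init cannot crash here or silently leave eval enabled. A short comment at line 310 saying the context must exist before eval can be disabled would also keep the ordering from being lost in the re-working mentioned in the thread.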
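
An added illustration of the V8 switch discussed in this thread, not code from the bug or the WebKit patch: Node's `vm` module exposes V8's per-context code-generation-from-strings control through its `codeGeneration.strings` option, so the script below shows that in-script `eval` and the `Function` constructor throw `EvalError` while source compiled by the embedder still runs. The probe strings and the `probeContext` helper are constructed for the example.

```javascript
// Added illustration, not WebKit code. Node's vm module exposes V8's
// per-context control through the `codeGeneration.strings` option.
const vm = require('node:vm');

// Constructed probes: each is script source that the embedder (this file)
// hands to the context. Only the string-to-code paths *inside* the script
// are subject to the switch.
const PROBES = {
  plainScript: '1 + 2',
  directEval: 'eval("1 + 2")',
  indirectEval: '(0, eval)("1 + 2")',
  functionCtor: 'new Function("return 1 + 2")()',
  functionViaProto: '(function () {}).constructor("return 1 + 2")()',
};

// Run every probe in a fresh context and record the value or the error name.
function probeContext(allowStrings) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: allowStrings, wasm: false },
  });
  const results = {};
  for (const [name, source] of Object.entries(PROBES)) {
    try {
      results[name] = String(vm.runInContext(source, context));
    } catch (err) {
      // The error comes from another realm, so compare by name, not instanceof.
      results[name] = err.name;
    }
  }
  return results;
}

const allowed = probeContext(true);
const blocked = probeContext(false);
console.table({ allowed, blocked });
```

The `plainScript` row is the case raised in the review: source the embedder compiles itself keeps working with the switch off, and only script-initiated string compilation is refused.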