Bug 13221 - VitalSource Bookshelf should not pass return statements into stringByEvaluatingJavaScriptFromString
Summary: VitalSource Bookshelf should not pass return statements into stringByEvaluati...
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: Evangelism (show other bugs)
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
: P2 Normal
Assignee: Nobody
URL: http://vitalsource.com/
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2007-03-28 14:21 PDT by Adele Peterson
Modified: 2020-10-23 13:44 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adele Peterson 2007-03-28 14:21:44 PDT 
VitalSource Bookshelf should not pass return statements into stringByEvaluatingJavaScriptFromString.

While investigating this VitalSource Bookshelf bug:

http://bugs.webkit.org/show_bug.cgi?id=12587
REGRESSION: VitalSource Bookshelf registering for a new account fails in TOT

We realized that their application code was calling [WebView stringByEvaluatingJavaScriptFromString] with strings like:

"return document.forms[0].elements.length"

We used to allow this, but now we have error checking to make sure return statements are within a function, and this will throw a Javascript exception.

We are adding a workaround for this application, but we need to notify VitalSource, so they can change their code.

They seem to be using these calls to contruct a url string that contains the form elements' values.  But they should just be able to use the ObjC DOM calls to submit the form directly.

If they keep their current code, they should just send strings like "document.forms[0].elements.length"
Comment 1 Adele Peterson 2007-03-28 14:21:58 PDT 
<rdar://problem/5095515>