We should release NoEventDispatchAssertion::InMainThread::isEventAllowed() ScriptController::canExecute, Document::updateLayout, and Document::updateStyle. This would prevent the vast majority of unwanted script executions that directly leads to security bugs in WebCore.
<rdar://problem/35008993>
Created attachment 326020 [details] Enables the assertion
Attachment 326020 [details] did not pass style-queue: ERROR: Source/WebCore/ChangeLog:12: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug, vulnerab [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 6 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 326020 [details] Enables the assertion r=me
Comment on attachment 326020 [details] Enables the assertion Clearing flags on attachment: 326020 Committed r224534: <https://trac.webkit.org/changeset/224534>
All reviewed patches have been landed. Closing bug.