Created attachment 113889 [details] Patch

Comment on attachment 113889 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=113889&action=review > Source/WebCore/page/SecurityOrigin.cpp:555 > + while (start < length && isHTMLSpace(characters[start])) I think we should just reproduce this function locally. I don't think we gain anything by depending on html/ here unless the security origin spec explicitly tries to match html?

I'm not really sure where this function should live. It used to make sense in this file when the sandbox bits were stored on SecurityOrigin. When we create the SecurityContext class, it should probably live there. To answer your question more directly, the parsing of these policies is defined in HTML5, and the algorithm in the spec refers to the generic HTML space definition used throughout the spec, which is why I think it makes sense to call this function.

(In reply to comment #3) > To answer your question more directly, the parsing of these policies is defined in HTML5, and the algorithm in the spec refers to the generic HTML space definition used throughout the spec, which is why I think it makes sense to call this function. Ok. It might make sense to document that that's why we have this seeming dependency inversion. :) But if you feel the spec is good enough documentation for that, that's OK too.

Comment on attachment 113889 [details] Patch I'll add a link to the spec when I move this to SecurityContext.

Comment on attachment 113889 [details] Patch Clearing flags on attachment: 113889 Committed r99466: <http://trac.webkit.org/changeset/99466>

All reviewed patches have been landed. Closing bug.