On Mon, Jan 11, 2010 at 12:21 PM, Paweł Hajdan, Jr.
<phajdan...@chromium.org> wrote:
> Is there any security risks with passing raw ftp listings to the
> renderer in case we can't parse them? We already have a check in the
> code so that we will only make a data connection to the server we have
> the control connection with.
That should be fine. In general, the render is allowed to see the
information contained in these directory listings. Handing off the
unparsed listing is very similar to handing off the parsed listings.
Adam
--
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
