Kartikaya Gupta wrote:
On Thu, 17 Jul 2008 11:48:52 -0400, Boris Zbarsky <[EMAIL PROTECTED]> wrote:
There are countless other
implementations of MutationEvents out in the world
(http://google.com/codesearch?hl=en&lr=&q=DOMNodeRemoved+-mozilla+-webcore&sbtn=Search).
They exist in more languages and are used in more contexts than I
care to enumerate
That's fine. How many of those contexts have to assume that all DOM
access is malicious?
More than zero, I think. There's at least one gtk implementation that (at a
quick glance) would have to deal with potentially malicious users.
And how well is gtk dealing with this? Has anyone done any extensive
testing, such as fuzzing, to try to do evil things inside these mutation
listeners?
/ Jonas
