Hi there! On Thu, May 10, 2012 at 9:32 AM, Jocelyn Turcotte < [email protected]> wrote:
> > I don't think we need to sanitize view-source URLs, they will be generated > from the current URL most of the time and if the user really want to enter > it manually then he just has to do it properly. Independently if we do it > in the web or UI process. > So you don't think we should support "view-source:www.foo.com", right? (Note the absence of a second - http - scheme). Not sanitizing them will make us only support well-formed URLs (view-source:http://www.foo.com). > > > > > On the way, back, on the UI Process, we would end up with a url property > > that wouldn't contain the view-source scheme, so some logic would be > needed > > there as well in order to re-add it. > > Depending on how much edge-case this would force us to handle, it would be > worth trying changing the scheme in WebFrame::url if inViewSourceMode() is > true, before it goes to the UI process. > > But I'm pretty sure that there are URLs poping out of pretty much all > sides of WebCore in loader clients, etc. that would need to be converted as > well, so I wouldn't be surprised if that doesn't work out of the box. > Unless, of course, we protect everything with #if PLATFORM(QT), I'm in general too cautious about touching such a sensitive code as WebFrame::url. Not protecting it might not even be an option since it would then make all ports support this out of the box. Thanks for the feedback! jesus > > Jocelyn >
_______________________________________________ webkit-qt mailing list [email protected] http://lists.webkit.org/mailman/listinfo.cgi/webkit-qt
