Furthermore, any loops like this:
for (RefPtr<Node> child = m_element->firstChild(); child;) {
which allow synchronous javascript execution (i.e. take an
ExceptionCode parameter) are vulnerable to crashes/security holes. :(
All of those enclose* functions use such loops. :(
-eric
On Wed, Aug 25, 2010 at 11:47 AM, Eric Seidel <[email protected]> wrote:
> My comments apply to all of the enclose* APIs in that file.
>
> On Wed, Aug 25, 2010 at 11:46 AM, Eric Seidel <[email protected]> wrote:
>> /*!
>> Encloses the contents of this element with the result of parsing \a
>> markup.
>> This element becomes the child of the deepest descendant within \a markup.
>>
>> \sa encloseWith()
>> */
>> void QWebElement::encloseContentsWith(const QString &markup)
>>
>>
>> http://trac.webkit.org/browser/trunk/WebKit/qt/Api/qwebelement.cpp#L1248
>>
>> These enclose methods use at least 2 deprecated parts of parser code
>> (HTMLElement::endTagRequirement() and
>> HTMLElement::deprecatedCreateContextualFragment()).
>>
>> They're clear layering violations, and make little sense to me.
>>
>> Who wants to call this API? Can it be removed from Qt?
>>
>> -eric
>>
>
_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
