Index: third_party/WebKit/Source/modules/webdatabase/DatabaseAuthorizer.cpp |
diff --git a/third_party/WebKit/Source/modules/webdatabase/DatabaseAuthorizer.cpp b/third_party/WebKit/Source/modules/webdatabase/DatabaseAuthorizer.cpp |
index 1236cc2edcb4d1829dcb54c74b5643e21e9cad00..41d08091301dd9ebdc771bf38d551aae8e8bb424 100644 |
--- a/third_party/WebKit/Source/modules/webdatabase/DatabaseAuthorizer.cpp |
+++ b/third_party/WebKit/Source/modules/webdatabase/DatabaseAuthorizer.cpp |
@@ -345,11 +345,14 @@ int DatabaseAuthorizer::denyBasedOnTableName(const String& tableName) const { |
if (!m_securityEnabled) |
return SQLAuthAllow; |
- // Sadly, normal creates and drops end up affecting sqlite_master in an authorizer callback, so |
- // it will be tough to enforce all of the following policies |
- //if (equalIgnoringCase(tableName, "sqlite_master") || equalIgnoringCase(tableName, "sqlite_temp_master") || |
- // equalIgnoringCase(tableName, "sqlite_sequence") || equalIgnoringCase(tableName, Database::databaseInfoTableName())) |
- // return SQLAuthDeny; |
+ // Sadly, normal creates and drops end up affecting sqlite_master in an |
+ // authorizer callback, so it will be tough to enforce all of the following |
+ // policies: |
+ // if (equalIgnoringCase(tableName, "sqlite_master") || |
+ // equalIgnoringCase(tableName, "sqlite_temp_master") || |
+ // equalIgnoringCase(tableName, "sqlite_sequence") || |
+ // equalIgnoringCase(tableName, Database::databaseInfoTableName())) |
+ // return SQLAuthDeny; |
if (equalIgnoringCase(tableName, m_databaseInfoTableName)) |
return SQLAuthDeny; |