| Field | Value |
|---|---|
| Summary | Fix Chromium canary bot |
| Product | WebKit |
| Component | DOM |
| Reporter | Adam Barth <abarth> |
| Assignee | Adam Barth <abarth> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| CC | abarth, dglazkov, levin, paul |
| Version | 528+ (Nightly build) |
| Hardware | All |
| OS | All |
| Attachments | patch (31559), work-in-progress patch (31572) |
Description
Adam Barth
2009-06-19 11:54:45 PDT
Created attachment 31559 [details]
patch
Comment on attachment 31559 [details]
patch
yay!

Will land. DRT is chugging along as we speak.

    Sending        WebCore/ChangeLog
    Sending        WebCore/bindings/js/ScriptController.cpp
    Sending        WebCore/bindings/js/ScriptSourceCode.h
    Sending        WebCore/bindings/v8/ScriptController.cpp
    Sending        WebCore/page/XSSAuditor.cpp
    Sending        WebCore/page/XSSAuditor.h
    Transmitting file data ......
    Committed revision 44869.

The source() function in ScriptSourceCode.h looks bad to me. It looks like JavaScriptCore is being forced to copy some code -- won't that make things slow?

I agree with Darin. It looks like that copy was in there before *but* it was only done when m_isEnabled was true.

    59 bool XSSAuditor::canEvaluate(const ScriptSourceCode& sourceCode) const
    60 {
    61     if (!m_isEnabled)
    62         return true;
    63
    64     return canEvaluate(String(sourceCode.jsSourceCode().data(), sourceCode.jsSourceCode().length()));

A simple fix to restore old behavior would be to change this line

    84     if (!m_XSSAuditor->canEvaluate(sourceCode.source())) {

to

    84     if (m_XSSAuditor->isEnabled() && !m_XSSAuditor->canEvaluate(sourceCode.source())) {

(In reply to comment #5)
> The source() function in ScriptSourceCode.h looks bad to me. It looks like
> JavaScriptCore is being forced to copy some code -- won't that make things
> slow?

Maybe ScriptSourceCode should just grab a reference to the string on construction? It looks like the string is kept alive anyway because the ScriptSourceCode holds a JSC::SourceCode which holds a RefPtr<SourceProvider> which holds String m_source (via StringSourceProvider : public JSC::SourceProvider).

Created attachment 31572 [details]
work-in-progress patch

Follow patch in https://bugs.webkit.org/show_bug.cgi?id=26561
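The performance point raised in the thread (the script text being copied before the auditor's enabled flag is consulted, the suggested isEnabled() short-circuit, and the hold-a-reference alternative), as an added example that is not WebKit code: hypothetical SourceProvider, ScriptSourceCode and XSSAuditor stand-ins that count how many times the source text is duplicated under each variant.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins for the WebKit types in the thread (not WebKit code): SourceProvider owns
// the script text, ScriptSourceCode keeps it alive (the RefPtr<SourceProvider>) and counts copies.
struct SourceProvider {
    std::string source;
};
struct ScriptSourceCode {
    std::shared_ptr<SourceProvider> provider;
    mutable int copies = 0;  // instrumentation: how many times the script text was duplicated
    // Old accessor: builds a fresh string from (data, length) on every call.
    std::string sourceCopy() const {
        ++copies;
        return std::string(provider->source.data(), provider->source.size());
    }
    // Alternative floated in the thread: hand out a reference to the text that is kept alive anyway.
    const std::string& sourceRef() const { return provider->source; }
};
struct XSSAuditor {
    bool enabled;
    bool isEnabled() const { return enabled; }
    // Stand-in for the real check; the example is about when the text gets copied, not the verdict.
    bool canEvaluate(const std::string&) const { return true; }
};
enum class Check { Regressed, Fixed, ByReference };
// Regressed form: the copy is made before the enabled flag is consulted.
bool evaluateRegressed(const XSSAuditor& a, const ScriptSourceCode& c) { return a.canEvaluate(c.sourceCopy()); }
// Suggested fix: short-circuit on isEnabled() so a disabled auditor never touches the text.
bool evaluateFixed(const XSSAuditor& a, const ScriptSourceCode& c) { return !a.isEnabled() || a.canEvaluate(c.sourceCopy()); }
// Reference-based form: no copy at all, enabled or not.
bool evaluateByReference(const XSSAuditor& a, const ScriptSourceCode& c) { return !a.isEnabled() || a.canEvaluate(c.sourceRef()); }

// Evaluates one constructed sample script under the chosen variant and returns the copy count.
int copiesMade(Check check, bool auditorEnabled) {
    auto provider = std::make_shared<SourceProvider>();
    provider->source = "console.log('constructed sample script');";  // constructed input
    ScriptSourceCode code;
    code.provider = provider;
    XSSAuditor auditor{auditorEnabled};
    if (check == Check::Regressed) evaluateRegressed(auditor, code);
    else if (check == Check::Fixed) evaluateFixed(auditor, code);
    else evaluateByReference(auditor, code);
    return code.copies;
}

int main() {
    std::cout << "disabled auditor, regressed check: " << copiesMade(Check::Regressed, false) << " copy\n"
              << "disabled auditor, fixed check:     " << copiesMade(Check::Fixed, false) << " copies\n"
              << "enabled auditor, by reference:     " << copiesMade(Check::ByReference, true) << " copies\n";
}
```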