Bug 40265

Summary: Fix XFrameOptions and xssAuditor crashes in HTML5 parser
Product: WebKit
Reporter: Adam Barth <abarth>
Component: New Bugs
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: eric
Priority: P2
Version: 528+ (Nightly build)
Hardware: Other
OS: OS X 10.5
Bug Depends on:
Bug Blocks: 39259
Attachments:
Description Flags
Patch eric: review+

Adam Barth
Reported 2010-06-07 14:22:52 PDT
Fix XFrameOptions and xssAuditor crashes in HTML5 parser
Attachments
Patch (5.95 KB, patch)
2010-06-07 14:26 PDT, Adam Barth
eric: review+
Adam Barth
Comment 1 2010-06-07 14:26:37 PDT
Eric Seidel (no email)
Comment 2 2010-06-07 14:43:11 PDT
Comment on attachment 58085 Patch

WebCore/html/HTML5Tokenizer.cpp:47
+ *m_counter = *m_counter + 1;
+= 1?

WebCore/html/HTML5Tokenizer.cpp:52
+ *m_counter = *m_counter - 1;
-= 1? -- and ++ might work for (*m_counter)++, I'm not sure.

WebCore/html/HTML5Tokenizer.cpp:105
+ NestingLevelIncrementer nestingLevelIncrementer(m_writeNestingLevel);
Seems like we want to use this in other places too eventually. :)

WebCore/html/HTML5Tokenizer.cpp:140
+ if (!m_source.isEmpty() || isWaitingForScripts() || executingScript() || !m_endWasDelayed)
m_endWasDelayed should be the first check, not the last.

WebCore/html/HTML5Tokenizer.cpp:143
+ m_endWasDelayed = false;
Do we need to ASSERT in the destructor that we did end?

Seems better than we currently have, but probably not perfect yet.
Adam Barth
Comment 3 2010-06-07 14:53:25 PDT