| Field | Value |
|---|---|
| Summary | Fix XFrameOptions and xssAuditor crashes in HTML5 parser |
| Product | WebKit |
| Reporter | Adam Barth <abarth> |
| Component | New Bugs |
| Assignee | Adam Barth <abarth> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| CC | eric |
| Priority | P2 |
| Version | 528+ (Nightly build) |
| Hardware | Other |
| OS | OS X 10.5 |
| Bug Depends on | |
| Bug Blocks | 39259 |
| Attachments | |

Description
Adam Barth
2010-06-07 14:22:52 PDT
Created attachment 58085
Patch
Comment on attachment 58085
Patch
WebCore/html/HTML5Tokenizer.cpp:47
+ *m_counter = *m_counter + 1;
+= 1?
WebCore/html/HTML5Tokenizer.cpp:52
+ *m_counter = *m_counter - 1;
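Review bot: the decrement at WebCore/html/HTML5Tokenizer.cpp:52 is unconditional, and the line shown gives no sign that the counter is checked to be non-zero first. If this is the destructor half of the incrementer paired with line 47, an `ASSERT(*m_counter)` ahead of it would catch an unbalanced nesting level in debug builds instead of letting the count wrap or go negative.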
-= 1? -- and ++ might work for (*m_counter)++, I'm not sure.
WebCore/html/HTML5Tokenizer.cpp:105
+ NestingLevelIncrementer nestingLevelIncrementer(m_writeNestingLevel);
Seems like we want to use this in other places too eventually. :)
WebCore/html/HTML5Tokenizer.cpp:140
+ if (!m_source.isEmpty() || isWaitingForScripts() || executingScript() || !m_endWasDelayed)
m_endWasDelayed should be the first check, not the last.
WebCore/html/HTML5Tokenizer.cpp:143
+ m_endWasDelayed = false;
Do we need to ASSERT in the destructor that we did end?
Seems better than we currently have, but probably not perfect yet.
Committed r60802: <http://trac.webkit.org/changeset/60802>