Summary: | XSS Auditor is spinning inside decodeURLEscapeSequences() if there are percent signs in large posted data | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Alexey Proskuryakov <ap> | ||||||||
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | CC: | abarth, commit-queue, dbates | ||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||
Version: | 528+ (Nightly build) | ||||||||||
Hardware: | All | ||||||||||
OS: | All | ||||||||||
Bug Depends on: | 49845 | ||||||||||
Bug Blocks: | |||||||||||
Attachments: |
|
Description
Alexey Proskuryakov
2011-01-30 15:15:35 PST
Created attachment 80603 [details]
test case
I suspect this will be fixed at the same time as Bug 49845. The problem here seems to be that decodeURLEscapeSequences is really slow on this input. It shouldn't be. I'll investigate some more. I see the bug. This algorithm is N^2! Created attachment 81086 [details]
Patch
Comment on attachment 81086 [details]
Patch
Nice!
The logic remains slightly twisted in that the second sequence in "%FF%zz" will be checked twice. It's not important in practice, but makes the code harder to follow.
-
+
I don't care personally, but we usually prefer no trailing whitespace.
It's obviously hard to make a regression test for this, but since major URL code rewrite is not off the table, a test would be nice.
Created attachment 81097 [details]
Patch
> I don't care personally, but we usually prefer no trailing whitespace. Sorry. I'm not that facile with the Xcode editor. > It's obviously hard to make a regression test for this, but since major URL code rewrite is not off the table, a test would be nice. We do have those "order of magnitude" tests for editing. I might be possible to adapt those for this case... Comment on attachment 81097 [details]
Patch
Trying to write a test for this sounds like it will cause more trouble than its worth. This patch is basically a performance optimization, which we typically don't write tests for.
Well, we have a few tests for algorithmic improvements like this, and I don't think that they've been flaky recently. But this was only a suggestion. Thank you for fixing this! Comment on attachment 81097 [details] Patch Clearing flags on attachment: 81097 Committed r77600: <http://trac.webkit.org/changeset/77600> All reviewed patches have been landed. Closing bug. |