111099 – XSSAuditor should use threadSafeMatch when relevant.

Bug 111099 - XSSAuditor should use threadSafeMatch when relevant.

Summary: XSSAuditor should use threadSafeMatch when relevant.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mike West

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-28 12:12 PST by Mike West
Modified:	2013-03-01 00:49 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (1.98 KB, patch) 2013-02-28 12:19 PST, Mike West	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike West 2013-02-28 12:12:17 PST

In XSSAuditor::hasName, there's a use of equalIgnoringNullity that can be trivially replaced with threadSafeMatch. That seems like a good thing to do.

We're also using equalIgnoringNullity in XSSAuditor::findAttributeWithName, but that usage seems safe, since we're creating a new string to do the comparison against.

Comment 1 Mike West 2013-02-28 12:19:08 PST

Created attachment 190779 [details]
Patch

Comment 2 WebKit Review Bot 2013-03-01 00:49:18 PST

Comment on attachment 190779 [details]
Patch

Clearing flags on attachment: 190779

Committed r144425: <http://trac.webkit.org/changeset/144425>

Comment 3 WebKit Review Bot 2013-03-01 00:49:21 PST

All reviewed patches have been landed.  Closing bug.