Bug 163253 - Don't run SecurityOrigin's port through URLParser
Summary: Don't run SecurityOrigin's port through URLParser
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-10 16:35 PDT by Alex Christensen
Modified: 2023-02-08 07:27 PST (History)
1 user (show)

See Also:

Attachments
Patch (6.02 KB, patch)
2016-10-10 16:37 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
Patch (2.28 KB, patch)
2016-10-10 16:52 PDT, Alex Christensen 		beidson: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2016-10-10 16:35:58 PDT 
Don't run SecurityOrigin constructor parameters through URLParser
Comment 1 Alex Christensen 2016-10-10 16:37:40 PDT 
Created attachment 291183 [details]
Patch
Comment 2 Brady Eidson 2016-10-10 16:42:15 PDT 
Comment on attachment 291183 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=291183&action=review

> Source/WebCore/page/SecurityOrigin.cpp:-107
> -    : m_protocol(url.protocol().isNull() ? emptyString() : url.protocol().convertToASCIILowercase())
> -    , m_host(url.host().isNull() ? emptyString() : url.host().convertToASCIILowercase())

Empty vs null is important.
Can't lose this.

> Source/WebCore/page/SecurityOrigin.cpp:114
> +    : m_protocol(protocol.convertToASCIILowercase())
> +    , m_host(host.convertToASCIILowercase())

Ditto.

> Source/WebCore/page/SecurityOrigin.h:235
> +    String m_protocol { emptyString() };
> +    String m_host { emptyString() };
> +    String m_domain { emptyString() };

All constructors overwrite these defaults.

I wonder if there's any scenarios where SecurityOrigin is hot enough that this is a concern (overriding them)

I also wonder if the compiler optimizes that out anyways.

I wonder...
Comment 3 Alex Christensen 2016-10-10 16:52:35 PDT 
Created attachment 291187 [details]
Patch
Comment 4 Alex Christensen 2016-10-10 16:54:45 PDT 
http://trac.webkit.org/changeset/207033