Don't run SecurityOrigin constructor parameters through URLParser
Created attachment 291183 [details] Patch
Comment on attachment 291183 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=291183&action=review > Source/WebCore/page/SecurityOrigin.cpp:-107 > - : m_protocol(url.protocol().isNull() ? emptyString() : url.protocol().convertToASCIILowercase()) > - , m_host(url.host().isNull() ? emptyString() : url.host().convertToASCIILowercase()) Empty vs null is important. Can't lose this. > Source/WebCore/page/SecurityOrigin.cpp:114 > + : m_protocol(protocol.convertToASCIILowercase()) > + , m_host(host.convertToASCIILowercase()) Ditto. > Source/WebCore/page/SecurityOrigin.h:235 > + String m_protocol { emptyString() }; > + String m_host { emptyString() }; > + String m_domain { emptyString() }; All constructors overwrite these defaults. I wonder if there's any scenarios where SecurityOrigin is hot enough that this is a concern (overriding them) I also wonder if the compiler optimizes that out anyways. I wonder...
Created attachment 291187 [details] Patch
http://trac.webkit.org/changeset/207033