WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 40265
Fix XFrameOptions and xssAuditor crashes in HTML5 parser
https://bugs.webkit.org/show_bug.cgi?id=40265
Summary
Fix XFrameOptions and xssAuditor crashes in HTML5 parser
Adam Barth
Reported
2010-06-07 14:22:52 PDT
Fix XFrameOptions and xssAuditor crashes in HTML5 parser
Attachments
Patch
(5.95 KB, patch)
2010-06-07 14:26 PDT
,
Adam Barth
eric
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Adam Barth
Comment 1
2010-06-07 14:26:37 PDT
Created
attachment 58085
[details]
Patch
Eric Seidel (no email)
Comment 2
2010-06-07 14:43:11 PDT
Comment on
attachment 58085
[details]
Patch WebCore/html/HTML5Tokenizer.cpp:47 + *m_counter = *m_counter + 1; += 1? WebCore/html/HTML5Tokenizer.cpp:52 + *m_counter = *m_counter - 1; -= 1? -- and ++ might work for (*m_counter)++, i' not sure. WebCore/html/HTML5Tokenizer.cpp:105 + NestingLevelIncrementer nestingLevelIncrementer(m_writeNestingLevel); Seems like we want to use this in other places too eventually. :) WebCore/html/HTML5Tokenizer.cpp:140 + if (!m_source.isEmpty() || isWaitingForScripts() || executingScript() || !m_endWasDelayed) m_endWasDelayed should be the first check, not the last. WebCore/html/HTML5Tokenizer.cpp:143 + m_endWasDelayed = false; Do we need to ASSERT in the destructor that we did end? Seems better than we currently have, but probably not perfect yet.
Adam Barth
Comment 3
2010-06-07 14:53:25 PDT
Committed
r60802
: <
http://trac.webkit.org/changeset/60802
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug