<div dir="ltr"><div>At present I am focusing on CSSParser::findURI() particularly and CSSParser::realLex() other related functionality in CSSParser.cpp - hope I am on right track. ;-)</div><div><br></div><div>Please let me know if I should be looking at some other functionality as well to resolve this issue.</div><div><br></div><div>Thanks!</div><div>Atul.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 3, 2017 at 2:33 PM, Atul Sowani <span dir="ltr"><<a href="mailto:sowani@gmail.com" target="_blank">sowani@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>I came across an issue in qtwebkit CSS parser while working on a PhantomJS crash. The issue seems to be with parsing of <link rel="..." href="..."> type elements in an HTML page. What I observed is that the parser is trying to interpret the value for href given inside double-quotes. The value contains a "-" (e.g. "<a href="http://some.domain.com/some-page-etc-etc" target="_blank">http://some.domain.com/some-<wbr>page-etc-etc</a>"). The "-" sign is being interpreted as minus and then things go wrong. In another case I found that "\g" embedded in the value (e.g. "<a href="http://some.domain.com/some-page/global/something" target="_blank">http://some.domain.com/some-<wbr>page/global/something</a>") is also creating issues. In essence, the parser is trying to interpret the value, which I believe, it should not.</div><div><br></div><div>I am willing to dive further into it to debug and fix the issue, but looking at the complexity and size of WebCore, I think I would benefit a lot to expedite a fix, if I could get some tips about which code area/functionality I should specifically focus in the WebCore. Looking forward to some help in this regard.</div><div><br></div><div>Thanks,</div><div>Atul.</div><div><br></div></div>
</blockquote></div><br></div>