[webkit-reviews] review granted: [Bug 40265] Fix XFrameOptions and xssAuditor crashes in HTML5 parser : [Attachment 58085] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 7 14:43:10 PDT 2010


Eric Seidel <eric at webkit.org> has granted Adam Barth <abarth at webkit.org>'s
request for review:
Bug 40265: Fix XFrameOptions and xssAuditor crashes in HTML5 parser
https://bugs.webkit.org/show_bug.cgi?id=40265

Attachment 58085: Patch
https://bugs.webkit.org/attachment.cgi?id=58085&action=review

------- Additional Comments from Eric Seidel <eric at webkit.org>
WebCore/html/HTML5Tokenizer.cpp:47
 +	    *m_counter = *m_counter + 1;
+= 1?

WebCore/html/HTML5Tokenizer.cpp:52
 +	    *m_counter = *m_counter - 1;
-= 1?  -- and ++ might work for (*m_counter)++, I'm not sure.

WebCore/html/HTML5Tokenizer.cpp:105
 +	NestingLevelIncrementer nestingLevelIncrementer(m_writeNestingLevel);
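Review bot: at HTML5Tokenizer.cpp:105 the guard is built from the member m_writeNestingLevel, and lines 47 and 52 write through *m_counter, so the guard is only safe while the tokenizer that owns that member is alive. If line 52 runs when the guard goes out of scope and the tokenizer can be destroyed during the guarded call, that write goes through a dangling pointer. Suggest a comment stating the lifetime requirement, or keeping the tokenizer alive for the duration of the scope.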
Seems like we want to use this in other places too eventually. :)

WebCore/html/HTML5Tokenizer.cpp:140
 +	if (!m_source.isEmpty() || isWaitingForScripts() || executingScript()
|| !m_endWasDelayed)
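Review bot: the condition at HTML5Tokenizer.cpp:140 ORs three state checks (m_source.isEmpty(), isWaitingForScripts(), executingScript()) with the negated m_endWasDelayed flag, with no comment on why each term applies. Suggest a short comment, or a named helper for the three state checks, so a later edit that drops or reorders a term is easy to catch in review.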
m_endWasDelayed should be the first check, not the last.

WebCore/html/HTML5Tokenizer.cpp:143
 +	m_endWasDelayed = false;
Do we need to ASSERT in the destructor that we did end?

Seems better than we currently have, but probably not perfect yet.

