[webkit-reviews] review granted: [Bug 53405] XSS Auditor is spinning inside decodeURLEscapeSequences() if there are percent signs in large posted data : [Attachment 81086] Patch
bugzilla-daemon at webkit.org
Thu Feb 3 11:32:07 PST 2011
Alexey Proskuryakov <ap at webkit.org> has granted Adam Barth
<abarth at webkit.org>'s request for review:
Bug 53405: XSS Auditor is spinning inside decodeURLEscapeSequences() if there
are percent signs in large posted data
https://bugs.webkit.org/show_bug.cgi?id=53405
Attachment 81086: Patch
https://bugs.webkit.org/attachment.cgi?id=81086&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
Nice!
The logic remains slightly twisted in that the second sequence in "%FF%zz" will
be checked twice. It's not important in practice, but makes the code harder to
follow.
-
+
I don't care personally, but we usually prefer no trailing whitespace.
It's obviously hard to make a regression test for this, but since a major URL
code rewrite is not off the table, a test would be nice.
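
Added example, not part of the review and not WebKit's code: a single forward pass over the input in which each '%' is validated exactly once, so a malformed sequence such as the second one in "%FF%zz" is never re-examined and the work stays linear in the input size. The names `decodeEscapesOnce` and `hexValue` and the `checks` counter are hypothetical, and decoding is byte-wise with no charset conversion, which is an assumption.

```cpp
#include <cstddef>
#include <string>

// Hypothetical helper: value of a hex digit, or -1 if c is not one.
static int hexValue(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; // fold ASCII letters to lower case
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

// Decodes %XX sequences byte-wise in one forward pass. `checks`, if given,
// receives the number of '%' positions validated, so a caller can confirm
// that no sequence is examined more than once.
std::string decodeEscapesOnce(const std::string& in, size_t* checks = nullptr)
{
    std::string out;
    out.reserve(in.size());
    size_t validated = 0;
    size_t i = 0;
    while (i < in.size()) {
        if (in[i] != '%') {
            out.push_back(in[i++]);
            continue;
        }
        ++validated;
        int hi = i + 1 < in.size() ? hexValue(in[i + 1]) : -1;
        int lo = i + 2 < in.size() ? hexValue(in[i + 2]) : -1;
        if (hi >= 0 && lo >= 0) {
            out.push_back(static_cast<char>(hi * 16 + lo));
            i += 3; // consume the whole escape
        } else {
            out.push_back('%'); // malformed: keep the '%' literally
            ++i;                // and resume right after it
        }
    }
    if (checks)
        *checks = validated;
    return out;
}
```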